Free Splunk SPLK-1005 Exam Actual Questions

The questions for SPLK-1005 were last updated on Nov 16, 2024

Question No. 1

Which of the following lists all parameters supported by the acceptFrom argument?

Correct Answer: B

The acceptFrom parameter is used in Splunk to specify which IP addresses or DNS names are allowed to send data to a Splunk instance. The supported formats include IPv4, IPv6, CIDR notation, and DNS names.

B. "IPv4, IPv6, CIDRs, DNS names" is the correct answer. These are the valid formats that can be used with the acceptFrom argument. Wildcards are not supported in acceptFrom parameters for security reasons, as they would allow overly broad access.

Splunk Documentation Reference: acceptFrom Parameter Usage


Question No. 2

Which of the following statements is true regarding sedcmd?

Correct Answer: D

SEDCMD in props.conf applies regular expressions to modify data as it is ingested. It is useful for transforming raw event data before indexing. [Reference: Splunk Docs on SEDCMD]


Question No. 3

What is a private app?

Correct Answer: C

A private app in Splunk is one that is created and used within a specific organization, and is not publicly available in the Splunkbase app store.

C. "An app that is created and used only by a specific organization" is the correct answer. This type of app is developed internally and used by a particular organization, often tailored to meet specific internal needs. It is not shared with other organizations and remains private within that organization's Splunk environment.

Splunk Documentation Reference: Private Apps in Splunk


Question No. 4

A Splunk Cloud administrator is looking to allow a new group of Splunk users in the marketing department to access the Splunk environment and view a dashboard with relevant data. These users need to access marketing data (stored in the marketing_data index), but shouldn't be able to access other data, such as events related to security or operations.

Which approach would be the best way to accomplish these requirements?

Correct Answer: B

The best approach to meet the requirements of the marketing department is to create a new role that inherits the user role but with restricted access to only the marketing_data index. This setup allows users to perform searches and view dashboards while ensuring they cannot access other indexes such as those containing security or operations data.

Splunk Documentation Reference: Splunk Role-based Access Control


Question No. 5

A log file is being ingested into Splunk, and a few events have no date stamp. How would Splunk first try to determine the missing date of the events?

Correct Answer: D

When events lack a timestamp, Splunk defaults to using the file modification time, which is accessible metadata for parsing time information if no timestamp is present in the log entry. [Reference: Splunk Docs on timestamp recognition]