what are the two steps to conduct capacity planning in splunk?

select windows user,

reinstall operating system,

log all drives and ports,

disable or limit antivirus

the indexer and indexer cluster peer node run on which ports,

TCP/8000,

TCP 8089,

TCP/9887,

TCP9997

SELECT 2 ELEMENTS OF THE SPLUNK DATA PIPELINE,

SEARCH HEADS,

INPUT,

FORWARDERS,

PARSING

what is the max daily indexing for splunk enterprise and cloud,

500MB,

20GB,

5TB,

UNLIMITED
After installing Splunk ,you would like to troubleshoot various default configurations. Select the option
that depicts an accurate use of the btool command to accomplish this task

./splunk btool inputs list

Splunk btool inputs list

./splunk btools inputslist

Splunk btool inputs lists

What is the difference between a forwarder and indexer?

A forwarder receives data

An indexer serves as a universal forwarder

A forwarder sends onward

An indexer serves as a heavy forwarder

What is Parsing and Indexing?

Indexing is turning data into events

Indexing is categorizing events

Parsing is categorizing events

Parsing is turning data into events

You are tasked with performing a field extraction . What are some of the ways in which this action can
be performed?

Search Query

Regular Expression

Both by Delimiter and Regular Expression

US Thumb Drive

What do distributed environments provide?

The ability for horizontal scaling

The ability to send data onward

The ability to help manage forwarders

The ability to distribute searches to indexers

What is an alternative way to install Splunk on a Linux/Unix-based machine?

Using an install disk

Using a website link

Using a USB Drive

Using the command line using wget

Select one of the Specialty Focus areas for Splunk

Splunk for Industrial IOT

Splunk Enterprise Security

Splunk Certifed Developer

Splunk Log Analyst

Which of the items will this regular expression match

\d +\s\w+\d+\s\d+:\d+:\d+
AA Aug 2017 18:45:20

22 101 2017 18:45:20

22 Aug 2017 18:45:20

22 Aug 2017 18:45:20

You have installed Splunk.What is the best way to check the status of an existing installation

Type/opt/splunk/bin/splunk status in the command line

Type/opt/splunk/data/splunk status in the command line

Type/opt/splunk/port/splunk status in the command line

Type/opt/splunk/system/splunk status in the command line

What does the following command trigger? index=firewall threatname=sql_injection|table src_ip

dest_ip message

It triggers an alert if a firewall threat is detected

It triggers an alert if an SQL Hack is attempted

It triggers an alert if an SQL Scripting Attack is attempted

It triggers an alert if an SQL Injection is attempted

There are 6 categories of search commands. Select the option hat accurately describes the purpose
behind 3 search command options

Distribute streaming

Transforming

Processing

Orchestrating

What are the options for saving the internal data type

Save as a Report

Save as a table

Save as an alert

Save as an event

Which of the following is a Splunk certification you can obtain

Splunk certified Accountant

Splunk Administrator

Splunk Certified Developer

Splunk Log Analyst

Splunk is what type of Security Tool

SIEM

IDS

IPS

Firewall

What are the recommended deployment scales for a very small office/department

10GB

20GB

50 FORWARDERS

100 FORWARDERS

What is Splunkbase

Base for Splunk Versions

Basic version of Splunk software

First version of Splunk software

Site for apps and add-ons

You are tasked with defining some actions based on the previous alert trigger conditions. What options
does Splunk provide for this?

Database Query

Send data onward

Send Email

Write Results to CSV file

Explain the UF= IDX =SH PROCESS

Universal Forwarder sends Data to the Parsing/Indexing Engine and feeds results to the Search Heads

Universal Forwarder sends Data to the indexing Engine and Feeds results to the Search Heads

Universal File System sends Data to the Parsing/Indexing Engine and Feeds results to the Search Header

Universal Forwarder sends Data to the Ingest Engine and Feeds results to the Symbolic Header

What are two types of data searches you can perform?

Events

Schedules

Alerts

Birthdates

Select the option that allows you to perform a search using a lookup table

Lookup [local=bool] [update=bool] lookup

Table-name (lookup-field [AS event –field]

[OUTPUT| OUTPUTNEW ( lookup-destfield [AS

event-destfield]
Lookup [local=bool] [update=bool] lookup

Database-name (lookup-field [AS event –field]

[OUTPUT| OUTPUTNEW ( lookup-

destfield [AS event-destfield]

Lookup [local=bool] [update=bool] lookup

Table-name (lookup-field [AS event –field]

[OUTPUT| OUTPUTNEW ( lookup-sourcefield [AS

event-destfield]

Lookup [local=bool] [update=bool] lookup

Table-name (lookup-delimiter [AS event –field]

[OUTPUT| OUTPUTNEW ( lookup-destfield [AS

event-destfield]

Select 2 or more functions of forwarders.

Sends data onward

Universal Forwarder

Distributes searches

Heavy Forwarder
When is it most appropriate to use a regular expression for field extraction?

Numerical Data

Structured Data

Unstructured Data

Alpha-numerical Data

Splunk …………………………………………, and …………………use data

Aggregates,simulates,fosters,helps

Aggregates,processes, analyzes,helps

Stimulates,stores, aggregates, assists

None of the Above

What are two examples of data parsing?

Line breaks

Event logs

Rules to transform data

Date Entries
Select the function of indexers

Receive data

Search management

Scheduled searches

Index data

What does the following command trigger ? Index=authentication

Machine=important machine action =failure

Continously runs and triggers alerts when there are more than 2 events

Triggered in the last 5 minutes

Continously runs and triggers alerts when there are more than 5 events

Triggered in the last 10 minutes

Runs a single time and triggers alerts when there are more than 5 events

Triggered in the last 10 minutes

Continously runs and triggers alerts when there are more than 5 events

Triggered in the last 30 minutes.

What types of detection does the UBA feature of Splunk perform?

Risk Behavior

Entity Profiling

Log Aggregation

Ad Hoc searches

Select the option that best describes the method(s) of configuring load balancing for Splunk

What are the conditions in which you would need to use quotation marks in Splunk?

Regular Expressions

Spaces

Search Query delimiter

End of Line Marker

What role can a deployment server play?

Horizontal scaling

Send data onward

Help manage forwarders

Distribute searches to indexers

Select the function(s) of indexers

Receive data

Search management

Scheduled searches

Index data

What are 3 ways to get data into Splunk?

TCP/UDP ports

Syslog collection

APIs

Drivers

Splunk Enterprise is responsible for ………………………………………………………………

Log Aggregation

Risk Behavior detection

Entity profiling and scoring

Kill chain and Graph analysis

Splunk is able to process the following types of data

Files and Directories

Network events

System Logs

Memory Fragments

What is Splunk VistorOps?

A product that automates chains of events

An automated on-call management product

A product that aggregates data and designs rules

A product that identifies and detects risk behavior

What are the Ports 8065 and 8191 used for?

App Key-Value Store

Splunk Web Access

Management/REST API

Receiving data from forwarders

What is Splunk Enterprise Security?

A specialized security feature

A secure version of Splunk software

A security add-on for the Splunk platform

The security team for Splunk

What do distributed environments provide?

The ability for horizontal scaling

The ability to send data onward

The ability to help manage forwarders

The ability to distribute searches to indexers

Splunk is helpful for turning……………………………………………..data into usable information

Structured

Binary

File

Unstructured