Splunk Cloud Certified Admin Question and Answers

Last Update Oct 16, 2025
Total Questions : 80

Questions 1

Which of the following is a valid stanza in props.conf?

Options:

A.  

[sourcetype::linux_secure]

B.  

[host=nyc25]

C.  

[host::nyc*]

D.  

[host:nyc*]

Questions 2

Which of the following files is used for both search-time and index-time configuration?

Options:

A.  

inputs.conf

B.  

props.conf

C.  

macros.conf

D.  

savesearch.conf

Questions 3

When monitoring network inputs, there will be times when the forwarder is unable to send data to the indexers. Splunk uses a memory queue and a disk queue. Which setting is used for the disk queue?

Options:

A.  

queueSize

B.  

maxQueueSize

C.  

diskQueueSize

D.  

persistentQueueSize

Questions 4

What is a private app?

Options:

A.  

An app where only a specific role has read and write access.

B.  

An app that is only viewable by a specific user.

C.  

An app that is created and used only by a specific organization.

D.  

An app where only a specific role has read access.

Questions 5

What is the correct syntax to monitor /apache/too/logo, /apache/bor/logs, and /apache/bar/l/logo?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Questions 6

When a forwarder phones home to a Deployment Server, it compares the check-sum value of the forwarder's app to the Deployment Server's app. What happens to the app if the check-sum values do not match?

Options:

A.  

The app on the forwarder is always deleted and re-downloaded from the Deployment Server.

B.  

The app on the forwarder is only deleted and re-downloaded from the Deployment Server if the forwarder's app has a smaller check-sum value.

C.  

The app is downloaded from the Deployment Server and the changes are merged.

D.  

A warning is generated on the Deployment Server stating the apps are out of sync. An Admin will need to confirm which version of the app should be used.

Questions 7

What is the recommended approach to collect data from network devices?

Options:

A.  

TCP/UDP Feed > Heavy Forwarder > Intermediate Forwarder > Splunk Cloud

B.  

TCP/UDP Feed > Syslog Server with Universal Forwarder > Splunk Cloud

C.  

TCP/UDP Feed > Universal Forwarder > Intermediate Forwarder > Splunk Cloud

D.  

TCP/UDP Feed > Intermediate Forwarder > Heavy Forwarder > Splunk Cloud

Questions 8

Which of the following takes place during the input phase?

Options:

A.  

Splunk annotates data with only 3 metadata keys: host, source, and sourcetype.

B.  

Splunk sets the character encoding of the data.

C.  

Splunk looks at the contents of the data to apply the correct source.

D.  

Splunk breaks data into individual lines.

Questions 9

Where is the recommended place to deploy input apps that are not permitted on Splunk Cloud?

Options:

A.  

Universal Forwarder or Heavy Forwarder.

B.  

Heavy Forwarder only.

C.  

Universal Forwarder only.

D.  

Apps cannot be installed on on-prem instances.

Questions 10

Which of the following is true when using Intermediate Forwarders?

Options:

A.  

Intermediate Forwarders may be a mix of Universal and Heavy Forwarders.

B.  

All Intermediate Forwarders must be Heavy Forwarders.

C.  

Intermediate Forwarders may be Universal Forwarders or Heavy Forwarders, but may not be mixed.

D.  

All Intermediate Forwarders must be Universal Forwarders.

Questions 11

By default, which of the following capabilities are granted to the sc_admin role?

Options:

A.  

indexes_edit, edit___token, admin_all_objects, delete_by_keyword

B.  

indexes_edit, fsh_manage, acs_conf, list_indexesdiscovert

C.  

indexes_edit, fsh_manage, admin_all_objects, can_delete

D.  

indexes_edit, edit_token_http, admin_all_objects, edit_limits_conf

Questions 12

When using Splunk Universal Forwarders, which of the following is true?

Options:

A.  

No more than six Universal Forwarders may connect directly to Splunk Cloud.

B.  

Any number of Universal Forwarders may connect directly to Splunk Cloud.

C.  

Universal Forwarders must send data to an Intermediate Forwarder.

D.  

There must be one Intermediate Forwarder for every three Universal Forwarders.

Questions 13

In which of the following situations should Splunk Support be contacted?

Options:

A.  

When a custom search needs tuning due to not performing as expected.

B.  

When an app on Splunkbase indicates Request Install.

C.  

Before using the delete command.

D.  

When a new role that mirrors sc_admin is required.

Questions 14

Which of the following would always require raising a support ticket?

Options:

A.  

Capacity or configuration changes in Splunk Cloud.

B.  

Search does not return expected results in Splunk Cloud.

C.  

A user is unable to log into Splunk Cloud.

D.  

Data is not indexed in Splunk Cloud.

Questions 15

What does the followTail attribute do in inputs.conf?

Options:

A.  

Pauses a file monitor if the queue is full.

B.  

Only creates a tail checkpoint of the monitored file.

C.  

Ingests a file starting with new content and then reading older events.

D.  

Prevents pre-existing content in a file from being ingested.

Questions 16

Which of the following is a valid monitor stanza for inputs.conf?

Options:

A.  

[monitor:///var/log/*.log] index = linux sourcetype = access_combined host = 489307057

B.  

[monitor:\\\var\log\httpd-[0-9].log] index = linux sourcetype = access_combined host = 489307057

C.  

[monitor:///var/log/httpd-[0-9].log] index = linux sourcetype = access_combined host = 489307057

D.  

[monitor:\\\var\log\*.log] index = linux sourcetype = access_combined host = 489307057

Questions 17

How is the forwarder configuration app for Splunk Cloud obtained?

Options:

A.  

Use the wget URL presented when an sc_admin user logs in for the first time.

B.  

Download from the email sent to the person listed in the SHIP TO: field when the customer licensed Splunk Cloud.

C.  

Download from the Splunk Cloud UI under the Universal Forwarder app.

D.  

Download from Splunkbase using splunk.com credentials.

Questions 18

Which of the following statements is true regarding sedcmd?

Options:

A.  

SEDCMD can be defined in either props.conf or transforms.conf.

B.  

SEDCMD does not work on Windows-based installations of Splunk.

C.  

SEDCMD uses the same syntax as Splunk's replace command.

D.  

SEDCMD provides search and replace functionality using regular expressions and substitutions.

Questions 19

When is data deleted from a Splunk Cloud index?

Options:

A.  

When buckets roll to frozen, without a defined archive.

B.  

When data is deleted via the Splunk Cloud Admin GUI.

C.  

When TA_Delete is downloaded and enabled from SplunkBase.

D.  

When the deleteindex command is executed from the CLI.

Questions 20

A customer has worked with their LDAP administrator to configure an LDAP strategy in Splunk. The configuration works, and user Mia can log into Splunk using her LDAP Account. After some time, the Splunk Cloud administrator needs to move Mia from the user role to the power role. How should they accomplish this?

Options:

A.  

Ask the LDAP administrator to move Mia's account to an appropriately mapped LDAP group.

B.  

Have Mia log into Splunk, then update her own role in user settings.

C.  

Create a role named Power in Splunk, then map Mia's account to that role.

D.  

Use the Cloud Monitoring Console app as an administrator to map Mia's account to the power role.

Questions 21

Which of the following stanzas would enable a TCP input on port 1025, allowing traffic from all IP addresses except 10.5.5.1?

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Questions 22

Which of the following is not considered a best practice for the deployment server?

Options:

A.  

Create small, single-purpose deployment apps.

B.  

Dedicate a Splunk instance as the deployment server.

C.  

Use a Linux server as the deployment server.

D.  

Create large, multi-purpose deployment apps.

Questions 23

The following sample log event shows evidence of credit card numbers being present in the transactions.log file.

Which of these SEDCMD settings will mask this and other suspected credit card numbers with a Y character for each character being masked? The indexed event should be formatted as follows:

A)

B)

C)

D)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Questions 24

Windows Input types are collected in Splunk via a script which is configurable using the GUI. What is this type of input called?

Options:

A.  

Batch

B.  

Scripted

C.  

Modular

D.  

Front-end
