Which of the following are methods for adding inputs in Splunk? (Select all that apply.)

1. A. CLI
2. B. Splunk Web
3. C. Editing inpits.conf
4. D. Editing monitor.conf

Correct Answer: AB
Reference: http://dev.splunk.com/view/dev -guide/SP-CAAAE3A

Which Splunk component does a search head primarily communicate with?

1. A. Indexer
2. B. Forwarder
3. C. Cluster master
4. D. Deployment server

Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/InheritedDeployment/Deploymenttopology

What type of data is counted against the Enterprise license at a fixed 150 bytes per event?

1. A. License data
2. B. Metrics data
3. C. Internal Splunk data
4. D. Internal Windows logs

Correct Answer: B
Reference: https://answers.splunk.com/answers/581441/how-is-the-splunk-license-measured.html

How often does Splunk recheck the LDAP server?

1. A. Every 5 minutes.
2. B. Each time a user logs in.
3. C. Each time Splunk is restarted.
4. D. Varies based on LDAP_refresh setting.

Correct Answer: D
Reference: http://docshare02.docshare.tips/files/22651/226514302.pdf

Which Splunk forwarder type allows parsing of data before forwarding to an indexer?

1. A. Universal forwarder
2. B. Parsing forwarder
3. C. Heavy forwarder
4. D. Advanced forwarder

Correct Answer: C
Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/Forwarding/Typesofforwarders