Splunk Cloud Certified Admin

Here you have the best Splunk SPLK-1005 practice exam questions

You have 60 total questions across 12 pages (5 per page)
These questions were last updated on February 17, 2026
This site is not affiliated with or endorsed by Splunk.

Question 1 of 60

When monitoring directories that contain mixed file types, which setting should be omitted from inputs.conf and instead be overridden in props.conf?

sourcetype

host

source

index

Question 2 of 60

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?

Any token will be accepted by HEC, the data may just end up in the wrong index.

A token is generated when configuring a HEC input, which should be provided to the application developers.

Obtain a token from the organization’s application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.

Open a support case for each new data input and a token will be provided.

Question 3 of 60

The following Apache access log is being ingested into Splunk via a monitor input:
Exam SPLK-1005: Question 3 - Image 1

How does Splunk determine the time zone for this event?

The value of the TZ attribute in props.conf for the access_combined sourcetype.

The value of the TZ attribute in props.conf for the my.webserver.example host.

The time zone of the Heavy/Intermediate Forwarder with the monitor input.

The time zone indicator in the raw event data.

Question 4 of 60

What syntax is required in inputs.conf to ingest data from files or directories?

A monitor stanza, sourcetype, and index is required to ingest data.

A monitor stanza, sourcetype, index, and host is required to ingest data.

A monitor stanza and sourcetype is required to ingest data.

Only the monitor stanza is required to ingest data.

Question 5 of 60

A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchases/transactions.log that has the following format:
2020-01-01 00:01:20 User=bob SuperSecretNumber=123456789012 Operation=purchase
2020-01-01 16:15:32 User=alice SuperSecretNumber=123456789012 Operation=purchase
Which of the stanzas below will achieve this?

About the Splunk SPLK-1005 Certification Exam

About the Exam

The Splunk SPLK-1005 (Splunk Cloud Certified Admin) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 60 practice questions across 12 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our SPLK-1005 questions are regularly updated to reflect the latest exam objectives.