Splunk Cloud Certified Admin

Here you have the best Splunk SPLK-1005 practice exam questions

You have 60 total questions to study from
Each page has 5 questions, making a total of 12 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 16, 2025
This site is not affiliated with or endorsed by Splunk.

Question 1 of 60

When monitoring directories that contain mixed file types, which setting should be omitted from inputs.conf and instead be overridden in props.conf?

sourcetype

host

source

index

Correct Answer: A

Question 2 of 60

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?

Any token will be accepted by HEC, the data may just end up in the wrong index.

A token is generated when configuring a HEC input, which should be provided to the application developers.

Obtain a token from the organization’s application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.

Open a support case for each new data input and a token will be provided.

Correct Answer: B

Question 3 of 60

The following Apache access log is being ingested into Splunk via a monitor input:
Exam SPLK-1005: Question 3 - Image 1

How does Splunk determine the time zone for this event?

The value of the TZ attribute in props.conf for the access_combined sourcetype.

The value of the TZ attribute in props.conf for the my.webserver.example host.

The time zone of the Heavy/Intermediate Forwarder with the monitor input.

The time zone indicator in the raw event data.

Correct Answer: D

Question 4 of 60

What syntax is required in inputs.conf to ingest data from files or directories?

A monitor stanza, sourcetype, and index is required to ingest data.

A monitor stanza, sourcetype, index, and host is required to ingest data.

A monitor stanza and sourcetype is required to ingest data.

Only the monitor stanza is required to ingest data.

Correct Answer: D

Question 5 of 60

A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchases/transactions.log that has the following format:
2020-01-01 00:01:20 User=bob SuperSecretNumber=123456789012 Operation=purchase
2020-01-01 16:15:32 User=alice SuperSecretNumber=123456789012 Operation=purchase
Which of the stanzas below will achieve this?

Correct Answer: B