Examice

Exam SPLK-1003 All QuestionsBrowse all questions from this exam

Go to Exam

Question 3

In case of a conflict between a whitelist and a blacklist input setting, which one is used?

Blacklist

Whitelist

They cancel each other out.

Whichever is entered into the configuration first.

Correct Answer: A

In case of a conflict between a whitelist and a blacklist input setting, the blacklist is used. This is because blacklist entries are typically given higher priority to prevent unintended or potentially harmful data from being processed, ensuring more stringent control over what is excluded.

Discussion

ApisOption: A

A is correct

BengieQuesadaOption: A

A is correct Data Admin slide 123

KobiOption: A

Blacklist Overides Whitelist

newroseOption: A

"It is not necessary to define both an allow list and a deny list in a configuration stanza. The settings are independent. If you do define both filters and a file matches them both, Splunk Enterprise does not index that file, as the blacklist filter overrides the whitelist filter." Source: https://docs.splunk.com/Documentation/Splunk/8.1.0/Data/Whitelistorblacklistspecificincomingdata

emlchOption: A

In case of a conflict the blacklist prevails

Praf7Option: A

A. Blacklist

yybbbOption: A

A. blacklist

ZeusPOption: A

Blacklist always overrides Whitelist