Splunk Exam SPLK-1005 Topic 9 Question 5 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 5
Topic #: 9

[All SPLK-1005 Questions]

By default, which of the following capabilities are granted to the sc_admin role?

Aindexes_edit, edit___token, admin_all_objects, delete_by_keyword

Bindexes_edit, fsh_manage, acs_conf, list_indexesdiscovert

Cindexes_edit, fsh_manage, admin_all_objects can_delete

Dindexes_edit, edit_token_http, admin _all objects, edit limits_conf

Show Suggested Answer

Suggested Answer: C

By default, the sc_admin role in Splunk Cloud is granted several important capabilities, including:

indexes_edit: The ability to create, edit, and manage indexes.

fsh_manage: Manage full-stack monitoring integrations.

admin_all_objects: Full administrative control over all objects in Splunk.

can_delete: The ability to delete events using the delete command.

Option C correctly lists these default capabilities for the sc_admin role.

Splunk Documentation Reference: User roles and capabilities

by Dustin at Oct 19, 2024, 03:15 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Doretha

16 hours ago

Hmm, I think D might be the correct answer. The 'edit_token_http' and 'edit_limits_conf' capabilities sound like they could be included in the sc_admin role.

upvoted 0 times

...

Maybelle

5 days ago

I'm pretty sure the answer is C. The sc_admin role has the 'indexes_edit', 'fsh_manage', and 'admin_all_objects can_delete' capabilities by default.

upvoted 0 times

...

Armanda

1 months ago

I agree with Stephaine, because admin_all_objects can_delete makes sense for sc_admin role.

upvoted 0 times

...

Stephaine

1 months ago

I think the answer is C) indexes_edit, fsh_manage, admin_all_objects can_delete.

upvoted 0 times

...