Splunk SPLK-3003 Exam - Topic 10 Question 42 Discussion

Actual exam question for Splunk's SPLK-3003 exam

Question #: 42
Topic #: 10

The data in Splunk is now subject to auditing and compliance controls. A customer would like to ensure that at least one year of logs are retained for both Windows and Firewall events. What data retention controls must be configured?

AmaxTotalDataSizeMB and frozenTimePeriodInSecs

BcoldToFrozenDir and coldToFrozenScript

CSplunk Volume and maxTotalDataSizMB

DSplunk Volume and frozenTimePeriodInSecs

Show Suggested Answer

Suggested Answer: A

by Adelina at May 09, 2022, 11:20 AM

Limited Time Offer

25%

Off

Get Premium SPLK-3003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Stefanie

5 months ago

I disagree, I think option C is the way to go!

upvoted 0 times

...

Andra

5 months ago

Wait, are we really sure about the frozenTimePeriod? Sounds tricky.

upvoted 0 times

...

Aliza

6 months ago

Definitely going with option D! Makes the most sense.

upvoted 0 times

...

Whitley

6 months ago

I think maxTotalDataSizeMB is also important.

upvoted 0 times

...

Beckie

6 months ago

Gotta set up frozenTimePeriodInSecs for sure.

upvoted 0 times

...

Aileen

6 months ago

I believe "Splunk Volume" is key for managing data retention, but I can't remember if it pairs with "frozenTimePeriodInSecs" or something else.

upvoted 0 times

...

Merilyn

6 months ago

I’m a bit confused about the difference between "maxTotalDataSizeMB" and "Splunk Volume." I hope I can recall the right one during the exam.

upvoted 0 times

...

Truman

6 months ago

I think we practiced a similar question where we had to configure data retention for compliance. I feel like "frozenTimePeriodInSecs" is definitely involved.

upvoted 0 times

...

Dick

6 months ago

I remember we discussed the importance of data retention settings in our last study group, but I'm not entirely sure which specific parameters to use.

upvoted 0 times

...