exam questions

Exam SPLK-3003 All Questions

View all questions & answers for the SPLK-3003 exam

Exam SPLK-3003 topic 1 question 76 discussion

Actual exam question from Splunk's SPLK-3003
Question #: 76
Topic #: 1
[All SPLK-3003 Questions]

A customer would like to remove the output_file capability from users with the default user role to stop them from filling up the disk on the search head with lookup files. What is the best way to remove this capability from users?

  • A. Create a new role without the output_file capability that inherits the default user role and assign it to the users.
  • B. Create a new role with the output_file capability that inherits the default user role and assign it to the users.
  • C. Edit the default user role and remove the output_file capability.
  • D. Clone the default user role, remove the output_file capability, and assign it to the users.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
v12
Highly Voted 3 years, 11 months ago
D is correct. If new role will inherit user role, user role will have the capabilities from user role, you cannot remove it from new role but if you clone it, it would be possible.
upvoted 11 times
...
marinatedcohort
Most Recent 2 weeks, 2 days ago
I get it, answer is D. However, I thought users inherited the most restrictive capabilities from their roles. So if we create a new role, 'no_output_file', and assign it to the user, why wouldn't it take effect?
upvoted 1 times
...
bobixaka
7 months ago
Selected Answer: D
Ref: CI Notes p.116 Roles cannot remove capabilities when they inherit them from another role! "C" is a possible option which will work, but it's not a best practice. Page 118 states "One quick fix is to adjust the default “user” role to take away the *** setting", but that's a quick and dirty fix, which will remove this capability globally from all users... The best option is "D", but it's better to set the output_file capability to "disabled" rather than removing it. I'm not sure what the default behavior will be like when the capability is removed and not set to disabled.
upvoted 1 times
...
Redtonyeah
2 years, 7 months ago
Selected Answer: D
D is correct
upvoted 4 times
...
Giodada
3 years, 11 months ago
A is correct NEVER edit a default role
upvoted 4 times
noysherer
3 years, 6 months ago
I agree to never edit a default role but the answer is D. If a role inherits another role, it gets its capabilities as well, which in this case we do not desire.
upvoted 1 times
chuchoneitor
3 years, 3 months ago
I think the answer is A because if you upgrade Splunk, they will make some modifications to the original role. So, it's better to create a new role with inherits properties from the original one and make your customs modifications.
upvoted 1 times
pbandj12
3 years, 3 months ago
but answer A inherits the default user role, hence it will still have the output_file capability. With D you are Cloning the role, then editing the new role you created. I think the answer is D.
upvoted 2 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago