SPLK-2002
Question 1
Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?
- A: Setting the cluster search factor to N-1.
- B: Increasing the number of buckets per index.
- C: Decreasing the data model acceleration range.
- D: Setting the cluster replication factor to N-1.
Question 2
Which index-time props.conf attributes impact indexing performance? (Select all that apply.)
- A: REPORT
- B: LINE_BREAKER
- C: ANNOTATE_PUNCT
- D: SHOULD_LINEMERGE
Question 3
Which of the following are client filters available in serverclass.conf? (Select all that apply.)
- A: DNS name.
- B: IP address.
- C: Splunk server role.
- D: Platform (machine type).
Question 4
What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?
- A: btool.log
- B: metrics.log
- C: splunkd.log
- D: tailing_processor.log
Question 5
Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?
- A: btool
- B: DiagGen
- C: SPL Clinic
- D: Monitoring Console
Question 6
In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?
- A: site_search_factor = origin:2, site1:2, total:4
- B: site_search_factor = origin:2, site2:1, total:4
- C: site_replication_factor = origin:2, site1:2, total:4
- D: site_replication_factor = origin:2, site2:1, total:4
Question 7
Which Splunk Enterprise offering has its own license?
- A: Splunk Cloud Forwarder
- B: Splunk Heavy Forwarder
- C: Splunk Universal Forwarder
- D: Splunk Forwarder Management
Question 8
Which component in the splunkd.log will log information related to bad event breaking?
- A: Audittrail
- B: EventBreaking
- C: IndexingPipeline
- D: AggregatorMiningProcessor
Question 9
Which Splunk server role regulates the functioning of an indexer cluster?
- A: Indexer
- B: Deployer
- C: Master Node
- D: Monitoring Console
Question 10
When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.
What corrective action should be taken?
- A: Restart the search head.
- B: Run the splunk apply shcluster-bundle command from the deployer.
- C: Run the clean raft command on all members of the search head cluster.
- D: Run the splunk resync shcluster-replicated-config command on this member.
Question 11
Which of the following commands is used to clear the KV store?
- A: splunk clean kvstore
- B: splunk clear kvstore
- C: splunk delete kvstore
- D: splunk reinitialize kvstore
Question 12
Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?
- A: Increasing the search factor in the cluster.
- B: Increasing the replication factor in the cluster.
- C: Increasing the number of search heads in the cluster.
- D: Increasing the number of CPUs on the indexers in the cluster.
Question 13
Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?
- A: Increase the maximum number of hot buckets in indexes.conf
- B: Increase the number of parallel ingestion pipelines in server.conf
- C: Decrease the maximum size of the search pipelines in limits.conf
- D: Decrease the maximum concurrent scheduled searches in limits.conf
Question 14
The guidance Splunk gives for estimating size for syslog data is 50% of the original data size. How does this divide between files in the index?
- A: rawdata is: 10%, tsidx is: 40%
- B: rawdata is: 15%, tsidx is: 35%
- C: rawdata is: 35%, tsidx is: 15%
- D: rawdata is: 40%, tsidx is: 10%
Question 15
A three-node search head cluster is skipping a large number of searches across time. What should be done to increase scheduled search capacity on the search head cluster?
- A: Create a job server on the cluster.
- B: Add another search head to the cluster.
- C: server.conf captain_is_adhoc_searchhead = true.
- D: Change limits.conf value for max_searches_per_cpu to a higher value.
Question 16
The frequency with which a deployment client contacts the deployment server is controlled by what?
- A: polling_interval attribute in outputs.conf
- B: phoneHomeIntervalInSecs attribute in outputs.conf
- C: polling_interval attribute in deploymentclient.conf
- D: phoneHomeIntervalInSecs attribute in deploymentclient.conf
Question 17
To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?
- A: repFactor = 0
- B: replicate = 0
- C: repFactor = auto
- D: replicate = auto
Question 18
Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)
- A: Check serverclass.conf of the deployment server.
- B: Check deploymentclient.conf of the deployment client.
- C: Check the content of SPLUNK_HOME/etc/apps of the deployment server.
- D: Search for relevant events in splunkd.log of the deployment server.
Question 19
Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?
- A: Data encryption between Splunk Web and splunkd.
- B: Certificate authentication between forwarders and indexers.
- C: Certificate authentication between Splunk Web and search head.
- D: Data encryption for distributed search between search heads and indexers.