What Download SPLK-2002 Practice Test Is

NEW QUESTION 1
Stakeholders have identified high availability for searchable data as their top priority.
Which of the following best addresses this requirement?

• A. Increasing the search factor in the cluster.
• B. Increasing the replication factor in the cluster.
• C. Increasing the number of search heads in the cluster.
• D. Increasing the number of CPUs on the indexers in the cluster.

Answer: B

NEW QUESTION 2
How does IT Service Intelligence (ITSI) impact the planning of a Splunk deployment?

• A. ITSI requires a dedicated deployment server.
• B. The amount of users using ITSI will not impact performance.
• C. ITSI in a Splunk deployment does not require additional hardware resources.
• D. Depending on the Key Performance Indicators that are being tracked, additional infrastructure may be needed.

Answer: D

NEW QUESTION 3
What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

• A. btool.log
• B. metrics.log
• C. splunkd.log
• D. tailing_processor.log

Answer: C

NEW QUESTION 4
Which CLI command converts a Splunk instance to a license slave?

• A. splunk add licenses
• B. splunk list licenser-slaves
• C. splunk edit licenser-localslave
• D. splunk list licenser-localslave

Answer: C

NEW QUESTION 5
Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the _introspection index. Which of the following logs are included in this index? (Select all that apply.)

• A. audit.log
• B. metrics.log
• C. disk_objects.log
• D. resource_usage.log

Answer: CD

NEW QUESTION 6
Which command is used for thawing the archive bucket?

• A. Splunk collect
• B. Splunk convert
• C. Splunk rebuild
• D. Splunk dbinspect

Answer: C

NEW QUESTION 7
In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files.
What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?

• A. Total daily indexing volume, number of peer nodes, and number of accelerated searches.
• B. Total daily indexing volume, number of peer nodes, replication factor, and search factor.
• C. Total daily indexing volume, replication factor, search factor, and number of search heads.
• D. Replication factor, search factor, number of accelerated searches, and total disk size across cluster.

Answer: D

NEW QUESTION 8
Which of the following is an indexer clustering requirement?

• A. Must use shared storage.
• B. Must reside on a dedicated rack.
• C. Must have at least three members.
• D. Must share the same license pool.

Answer: D

NEW QUESTION 9
When configuring a Splunk indexer cluster, what are the default values for replication and search factor?

• A. replication_factor = 2search_factor = 2
• B. replication_factor = 2 searchfactor = 3
• C. replication_factor = 3search_factor = 2
• D. replication_factor = 3 searchfactor = 3

Answer: A

NEW QUESTION 10
Which of the following are client filters available in serverclass.conf? (Select all that apply.)

• A. DNS name.
• B. IP address.
• C. Splunk server role.
• D. Platform (machine type).

Answer: AB

NEW QUESTION 11
Which of the following should be done when installing Enterprise Security on a Search Head Cluster? (Select all that apply.)

• A. Install Enterprise Security on the deployer.
• B. Install Enterprise Security on a staging instance.
• C. Copy the Enterprise Security configurations to the deployer.
• D. Use the deployer to deploy Enterprise Security to the cluster members.

Answer: AD

NEW QUESTION 12
A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many indexers are recommended for this deployment?

• A. Two indexers not in a cluster, assuming users run many long searches.
• B. Three indexers not in a cluster, assuming a long data retention period.
• C. Two indexers clustered, assuming high availability is the greatest priority.
• D. Two indexers clustered, assuming a high volume of saved/scheduled searches.

Answer: D

NEW QUESTION 13
In the deployment planning process, when should a person identify who gets to see network data?

• A. Deployment schedule
• B. Topology diagramming
• C. Data source inventory
• D. Data policy definition

Answer: C

NEW QUESTION 14
Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?

• A. Increase the maximum number of hot buckets in indexes.conf
• B. Increase the number of parallel ingestion pipelines in server.conf
• C. Decrease the maximum size of the search pipelines in limits.conf
• D. Decrease the maximum concurrent scheduled searches in limits.conf

Answer: D

NEW QUESTION 15
When adding or decommissioning a member from a Search Head Cluster (SHC), what is the proper order of operations?

• A. 1. Delete Splunk Enterprise, if it exists.2. Install and initialize the instance.3. Join the SHC.
• B. 1. Install and initialize the instance.2. Delete Splunk Enterprise, if it exists.3. Join the SHC.
• C. 1. Initialize cluster rebalance operation.2. Remove master node from cluster.3. Trigger replication.
• D. 1. Trigger replication.2. Remove master node from cluster.3. Initialize cluster rebalance operation.

Answer: B

NEW QUESTION 16
In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?

• A. SPLUNK_HOME/var/lib/searchpeers
• B. SPLUNK_HOME/var/log/searchpeers
• C. SPLUNK_HOME/var/run/searchpeers
• D. SPLUNK_HOME/var/spool/searchpeers

Answer: C

NEW QUESTION 17
Which of the following should be included in a deployment plan?

• A. Business continuity and disaster recovery plans.
• B. Current logging details and data source inventory.
• C. Current and future topology diagrams of the IT environment.
• D. A comprehensive list of stakeholders, either direct or indirect.

Answer: D

NEW QUESTION 18
Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)

• A. Adding search peers increases the maximum size of search results.
• B. Adding RAM to an existing search heads provides additional search capacity.
• C. Adding search peers increases the search throughput as search load increases.
• D. Adding search heads provides additional CPU cores to run more concurrent searches.

Answer: BD

NEW QUESTION 19
When troubleshooting monitor inputs, which command checks the status of the tailed files?

• A. splunk cmd btool inputs list | tail
• B. splunk cmd btool check inputs layer
• C. curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus
• D. curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:Tailstatus

Answer: C

NEW QUESTION 20
Which index-time props.conf attributes impact indexing performance? (Select all that apply.)

• A. REPORT
• B. LINE_BREAKER
• C. ANNOTATE_PUNCT
• D. SHOULD_LINEMERGE

Answer: BD

NEW QUESTION 21
When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.
What corrective action should be taken?

• A. Restart the search head.
• B. Run the splunk apply shcluster-bundle command from the deployer.
• C. Run the clean raft command on all members of the search head cluster.
• D. Run the splunk resync shcluster-replicated-config command on this member.

Answer: B

NEW QUESTION 22
......