When configuring a Splunk indexer cluster, what are the default values for replication and search factor?
A.
replication_factor = 2, search_factor = 2
B.
replication_factor = 2, search_factor = 3
C.
replication_factor = 3, search_factor = 2
D.
replication_factor = 3, search_factor = 3
Answer:
A
Question 2
Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installing the add-on? (Select all that apply.)
A.
Identify number of scheduled or real-time searches.
B.
Validate if this Technical Add-On enables event data for a data model.
C.
Identify the maximum number of forwarders Technical Add-On can support.
D.
Verify if Technical Add-On needs to be installed onto both a search head or indexer.
Answer:
A,C
Question 3
In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?
A.
SPLUNK_HOME/var/lib/searchpeers
B.
SPLUNK_HOME/var/log/searchpeers
C.
SPLUNK_HOME/var/run/searchpeers
D.
SPLUNK_HOME/var/spool/searchpeers
Answer:
C
Question 4
How does the average run time of all searches relate to the available CPU cores on the indexers?
A.
Average run time is independent of the number of CPU cores on the indexers.
B.
Average run time decreases as the number of CPU cores on the indexers decreases.
C.
Average run time increases as the number of CPU cores on the indexers decreases.
D.
Average run time increases as the number of CPU cores on the indexers increases.
Answer:
C
Question 5
As a best practice, where should the internal licensing logs be stored?
A.
Indexing layer.
B.
License server.
C.
Deployment layer.
D.
Search head layer.
Answer:
D
Question 6
Which of the following statements about integrating with third-party systems is true? (Select all that apply.)
A.
A Hadoop application can search data in Splunk.
B.
Splunk can search data in the Hadoop File System (HDFS).
C.
You can use Splunk alerts to provision actions on a third-party system.
D.
You can forward data from Splunk forwarder to a third-party system without indexing it first.
Answer:
C,D
Question 7
What is the algorithm used to determine captaincy in a Splunk search head cluster?
A.
Raft distributed consensus.
B.
Rapt distributed consensus.
C.
Rift distributed consensus.
D.
Round-robin distribution consensus.
Answer:
A
Question 8
Which of the following is an indexer clustering requirement?
A.
Must use shared storage.
B.
Must reside on a dedicated rack.
C.
Must have at least three members.
D.
Must share the same license pool.
Answer:
D
Question 9
Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest precedence?
A.
System local directory.
B.
System default directory.
C.
App local directories, in ASCII order.
D.
App default directories, in ASCII order.
Answer:
A
Question 10
Which of the following should be done when installing Enterprise Security on a Search Head Cluster? (Select all that apply.)
A.
Install Enterprise Security on the deployer.
B.
Install Enterprise Security on a staging instance.
C.
Copy the Enterprise Security configurations to the deployer.
D.
Use the deployer to deploy Enterprise Security to the cluster members.
Answer:
A,D
Question 11
When converting from a single-site to a multi-site cluster, what happens to existing single-site clustered buckets?
A.
They will continue to replicate within the origin site and age out based on existing policies.
B.
They will maintain replication as required according to the single-site policies, but never age out.
C.
They will be replicated across all peers in the multi-site cluster and age out based on existing policies.
D.
They will stop replicating within the single-site and remain on the indexer they reside on and age out according to existing policies.
Answer:
B
Question 12
Of the following types of files within an index bucket, which file type may consume the most disk?
A.
Rawdata
B.
Bloom filter
C.
Metadata (.data)
D.
Inverted index (.tsidx)
Answer:
B
Question 13
When should multiple search pipelines be enabled?
A.
Only if disk IOPS is at 800 or better.
B.
Only if there are fewer than twelve concurrent users.
C.
Only if running Splunk Enterprise version 6.6 or later.
D.
Only if CPU and memory resources are significantly under-utilized.
Answer:
D
Question 14
Which of the following is a best practice to maximize indexing performance?
A.
Use automatic sourcetyping.
B.
Use the Splunk default settings.
C.
Not use pre-trained source types.
D.
Minimize configuration generality.
Answer:
D
Question 15
When troubleshooting monitor inputs, which command checks the status of the tailed files?
A.
splunk cmd btool inputs list | tail
B.
splunk cmd btool check inputs layer
C.
curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:FileStatus
D.
curl https://serverhost:8089/services/admin/inputstatus/TailingProcessor:Tailstatus