Tag - SPLK-2002 exam

Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?A . Increasing the search factor in the cluster.B . Increasing the replication factor in the cluster.C . Increasing the number of search heads in the cluster.D . Increasing the number...

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)A . Check serverclass.conf of the deployment server.B . Check deploymentclient.conf of the deployment client.C . Check the content of SPLUNK_HOME/etc/apps of the deployment server.D . Search for relevant...

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?A . Setting the cluster search factor to N-1.B . Increasing the number of buckets per index.C . Decreasing the data model acceleration range.D . Setting the cluster...

Which of the following are client filters available in serverclass.conf? (Select all that apply.)A . DNS name.B . IP address.C . Splunk server role.D . Platform (machine type).View AnswerAnswer: AB Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Filterclients#Define_filters_through_serverclass.conf

What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?A . btool.logB . metrics.logC . splunkd.logD . tailing_processor.logView AnswerAnswer: C Explanation: Reference: https://answers.splunk.com/answers/479312/how-to-edit-inputsconf-to-monitor-multiple-files-w­1.html

Which Splunk Enterprise offering has its own license?A . Splunk Cloud ForwarderB . Splunk Heavy ForwarderC . Splunk Universal ForwarderD . Splunk Forwarder ManagementView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Splexicon:Forwardinglicense

A multi-site indexer cluster can be configured using which of the following? (Select all that apply.)A . Via Splunk Web.B . Directly edit SPLUNK_HOME/etc/system/local/server.confC . Run a splunk edit cluster-config command from the CLE . Directly edit SPLUNK_HOME/etc/system/default/server.confView AnswerAnswer: AB Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Enableclustersindetail

Which component in the splunkd.log will log information related to bad event breaking?A . AudittrailB . EventBreakingC . IndexingPipelineD . AggregatorMiningProcessorView AnswerAnswer: D Explanation: Reference: https://answers.splunk.com/answers/141721/error-in-splunkd-log-breaking-event-because-limit-of­256-has-been-exceeded.html

What is the minimum reference server specification for a Splunk indexer?A . 12 CPU cores, 12GB RAM, 800 IOPSB . 16 CPU cores, 16GB RAM, 800 IOPSC . 24 CPU cores, 16GB RAM, 1200 IOPSD . 28 CPU cores, 32GB RAM, 1200 IOPSView AnswerAnswer: A Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Capacity/Referencehardware#Reference_host_specification

Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)A . OS settings.B . Internal logs.C . Customer data.D . Configuration files.View AnswerAnswer: BD Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Troubleshooting/Generateadiag