SPLK-2002 Online Practice Questions and Answers

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?

A. Setting the cluster search factor to N-1.

B. Increasing the number of buckets per index.

C. Decreasing the data model acceleration range.

D. Setting the cluster replication factor to N-1.

A multi-site indexer cluster can be configured using which of the following? (Select all that apply.)

A. Via Splunk Web.

B. Directly edit SPLUNK_HOME/etc/system/local/server.conf

C. Run a splunk edit cluster-config command from the CLI.

D. Directly edit SPLUNK_HOME/etc/system/default/server.conf

Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?

A. btool

B. DiagGen

C. SPL Clinic

D. Monitoring Console

In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files.

What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?

A. Total daily indexing volume, number of peer nodes, and number of accelerated searches.

B. Total daily indexing volume, number of peer nodes, replication factor, and search factor.

C. Total daily indexing volume, replication factor, search factor, and number of search heads.

D. Replication factor, search factor, number of accelerated searches, and total disk size across cluster.

Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)

A. OS settings.

B. Internal logs.

C. Customer data.

D. Configuration files.

A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk.

How many indexers are recommended for this deployment?

A. Two indexers not in a cluster, assuming users run many long searches.

B. Three indexers not in a cluster, assuming a long data retention period.

C. Two indexers clustered, assuming high availability is the greatest priority.

D. Two indexers clustered, assuming a high volume of saved/scheduled searches.

Which command is used for thawing the archive bucket?

A. Splunk collect

B. Splunk convert

C. Splunk rebuild

D. Splunk dbinspect

Which of the following is a way to exclude search artifacts when creating a diag?

A. SPLUNK_HOME/bin/splunk diag --exclude

B. SPLUNK_HOME/bin/splunk diag --debug --refresh

C. SPLUNK_HOME/bin/splunk diag --disable=dispatch

D. SPLUNK_HOME/bin/splunk diag --filter-searchstrings

Which tool(s) can be leveraged to diagnose connection problems between an indexer and forwarder? (Select all that apply.)

A. telnet

B. tcpdump

C. splunk btool

D. splunk btprobe

Which of the following tasks should the architect perform when building a deployment plan? (Select all that apply.)

A. Use case checklist.

B. Install Splunk apps.

C. Inventory data sources.

D. Review network topology.