SPLK-2002 Online Practice Questions and Answers

Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?

A. Increasing the search factor in the cluster.

B. Increasing the replication factor in the cluster.

C. Increasing the number of search heads in the cluster.

D. Increasing the number of CPUs on the indexers in the cluster.

A customer has installed a 500GB Enterprise license. They also purchased and installed a 300GB, no enforcement license on the same license master. How much data can the customer ingest before search is locked out?

A. 300GB. After this limit, search is locked out.

B. 500GB. After this limit, search is locked out.

C. 800GB. After this limit, search is locked out.

D. Search is not locked out. Violations are still recorded.

What is the minimum reference server specification for a Splunk indexer?

A. 12 CPU cores, 12GB RAM, 800 IOPS

B. 16 CPU cores, 16GB RAM, 800 IOPS

C. 24 CPU cores, 16GB RAM, 1200 IOPS

D. 28 CPU cores, 32GB RAM, 1200 IOPS

Which of the following are true statements about Splunk indexer clustering?

A. All peer nodes must run exactly the same Splunk version.

B. The master node must run the same or a later Splunk version than search heads.

C. The peer nodes must run the same or a later Splunk version than the master node.

D. The search head must run the same or a later Splunk version than the peer nodes.

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

A. Configure syslog to send the data to multiple Splunk indexers.

B. Use a Splunk indexer to collect a network input on port 514 directly.

C. Use a Splunk forwarder to collect the input on port 514 and forward the data.

D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.

What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?

A. Disables search site affinity.

B. Sets all members to dynamic captaincy.

C. Enables multisite search artifact replication.

D. Enables automatic search site affinity discovery.

Which of the following is a best practice to maximize indexing performance?

A. Use automatic sourcetyping.

B. Use the Splunk default settings.

C. Not use pre-trained source types.

D. Minimize configuration generality.

Of the following types of files within an index bucket, which file type may consume the most disk?

A. Rawdata

B. Bloom filter

C. Metadata (.data)

D. Inverted index (.tsidx)

Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest precedence?

A. System local directory.

B. System default directory.

C. App local directories, in ASCII order.

D. App default directories, in ASCII order.

Which of the following is an indexer clustering requirement?

A. Must use shared storage.

B. Must reside on a dedicated rack.

C. Must have at least three members.

D. Must share the same license pool.