SPLK-2002(205Q) Exam Questions

In search head clustering, which of the following methods can you use to transfer captaincy to a different member? (Select all that apply.)

Which command is used for thawing the archive bucket?

A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf: [clustering] mode = master replication_factor = 2 pass4SymmKey = password123 Which of the...

Which of the following describe migration from single-site to multisite index replication?

What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?

Which of the following is a way to exclude search artifacts when creating a diag?

Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)

When planning a search head cluster, which of the following is true?

In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?

Which server.conf attribute should be added to the master node's server.conf file when decommissioning a site in an indexer cluster?

Which tool(s) can be leveraged to diagnose connection problems between an indexer and forwarder? (Select all that apply.)

A search head has successfully joined a single site indexer cluster. Which command is used to configure the same search head to join another indexer cluster?

To improve Splunk performance, parallelIngestionPipelines setting can be adjusted on which of the following components in the Splunk architecture? (Select all that apply.)

When troubleshooting monitor inputs, which command checks the status of the tailed files?

Which of the following is a best practice to maximize indexing performance?

When should multiple search pipelines be enabled?

Of the following types of files within an index bucket, which file type may consume the most disk?

When converting from a single-site to a multi-site cluster, what happens to existing single-site clustered buckets?

Which of the following should be done when installing Enterprise Security on a Search Head Cluster? (Select all that apply.)

Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest...

Which of the following is an indexer clustering requirement?

What is the algorithm used to determine captaincy in a Splunk search head cluster?

Which of the following statements about integrating with third-party systems is true? (Select all that apply.)

As a best practice, where should the internal licensing logs be stored?

How does the average run time of all searches relate to the available CPU cores on the indexers?

In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?

Consider a use case involving firewall data. There is no Splunk-supported Technical Add-On, but the vendor has built one. What are the items that must be evaluated before installin...

When configuring a Splunk indexer cluster, what are the default values for replication and search factor?

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which...

Which two sections can be expanded using the Search Job Inspector?

What is the default log size for Splunk internal logs?

What is a Splunk Job? (Select all that apply.)

When Splunk is installed, where are the internal indexes stored by default?

Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)

What is the logical first step when starting a deployment plan?

Which of the following statements describe search head clustering? (Select all that apply.)

Which of the following tasks should the architect perform when building a deployment plan? (Select all that apply.)

Because Splunk indexing is read/write intensive, it is important to select the appropriate disk storage solution for each deployment. Which of the following statements is accurate...

Which of the following are possible causes of a crash in Splunk? (select all that apply)

Which of the following strongly impacts storage sizing requirements for Enterprise Security?

Which of the following is true regarding the migration of an index cluster from single-site to multi- site?

What information is written to the __introspection log file?

A customer has a four site indexer cluster. The customer has requirements to store five copies of searchable data, with one searchable copy of data at the origin site, and one sear...

Which of the following server. conf stanzas indicates the Indexer Discovery feature has not been fully configured (restart pending) on the Master Node? A) B) C) D)

A customer currently has many deployment clients being managed by a single, dedicated deployment server. The customer plans to double the number of clients. What could be done to m...

Following Splunk recommendations, where could the Monitoring Console (MC) be installed in a distributed deployment with an indexer cluster, a search head cluster, and 1000 forwarde...

A Splunk instance has crashed, but no crash log was generated. There is an attempt to determine what user activity caused the crash by running the following search: What does searc...

The master node distributes configuration bundles to peer nodes. Which directory peer nodes receive the bundles?

metrics. log is stored in which index?

A single-site indexer cluster has a replication factor of 3, and a search factor of 2. What is true about