SPLK-2002(205Q) Exam Questions

Which of the following configuration attributes must be set in server, conf on the cluster manager in a single-site indexer cluster?

An index has large text log entries with many unique terms in the raw data. Other than the raw data, which index components will take the most space?

A search head cluster with a KV store collection can be updated from where in the KV store collection?

Which of the following items are important sizing parameters when architecting a Splunk environment? (select all that apply)

If there is a deployment server with many clients and one deployment client is not updating apps, which of the following should be done first?

When should a Universal Forwarder be used instead of a Heavy Forwarder?

Which of the following most improves KV Store resiliency?

Which of the following Splunk deployments has the recommended minimum components for a high- availability search head cluster?

What is needed to ensure that high-velocity sources will not have forwarding delays to the indexers?

Users who receive a link to a search are receiving an "Unknown sid" error message when they open the link. Why is this happening?

Why should intermediate forwarders be avoided when possible?

A Splunk deployment is being architected and the customer will be using Splunk Enterprise Security (ES) and Splunk IT Service Intelligence (ITSI). Through data onboarding and sizin...

How can internal logging levels in a Splunk environment be changed to troubleshoot an issue? (select all that apply)

Other than high availability, which of the following is a benefit of search head clustering?

By default, what happens to configurations in the local folder of each Splunk app when it is deployed to a search head cluster?

A Splunk environment collecting 10 TB of data per day has 50 indexers and 5 search heads. A single- site indexer cluster will be implemented. Which of the following is a best pract...

Which Splunk log file would be the least helpful in troubleshooting a crash?

Which of the following use cases would be made possible by multi-site clustering? (select all that apply)

Which of the following would be the least helpful in troubleshooting contents of Splunk configuration files?

What is the expected minimum amount of storage required for data across an indexer cluster with the following input and parameters? - Raw data = 15 GB per day - Index files = 35 GB...

A monitored log file is changing on the forwarder. However, Splunk searches are not finding any new data that has been added. What are possible causes? (select all that apply)

Which of the following is a problem that could be investigated using the Search Job Inspector?

When troubleshooting a situation where some files within a directory are not being indexed, the ignored files are discovered to have long headers. What is the first thing that shou...

In an indexer cluster, what tasks does the cluster manager perform? (select all that apply)

New data has been added to a monitor input file. However, searches only show older data. Which splunkd. log channel would help troubleshoot this issue?

Determining data capacity for an index is a non-trivial exercise. Which of the following are possible considerations that would affect daily indexing volume? (select all that apply...

Splunk Enterprise performs a cyclic redundancy check (CRC) against the first and last bytes to prevent the same file from being re-indexed if it is rotated or renamed. What is the...

Users are asking the Splunk administrator to thaw recently-frozen buckets very frequently. What could the Splunk administrator do to reduce the need to thaw buckets?

When should a dedicated deployment server be used?

Which Splunk internal field can confirm duplicate event issues from failed file monitoring?

What information is needed about the current environment before deploying Splunk? (select all that apply)

Which of the following options in limits, conf may provide performance benefits at the forwarding tier?

How many cluster managers are required for a multisite indexer cluster?

On search head cluster members, where in $splunk_home does the Splunk Deployer deploy app content by default?

Several critical searches that were functioning correctly yesterday are not finding a lookup table today. Which log file would be the best place to start troubleshooting?

Which of the following is a valid use case that a search head cluster addresses?

When using ingest-based licensing, what Splunk role requires the license manager to scale?

Which part of the deployment plan is vital prior to installing Splunk indexer clusters and search head clusters?

Data for which of the following indexes will count against an ingest-based license?

An indexer cluster is being designed with the following characteristics: - 10 search peers - Replication Factor (RF): 4 - Search Factor (SF): 3 - No SmartStore usage How many searc...

A customer is migrating 500 Universal Forwarders from an old deployment server to a new deployment server, with a different DNS name. The new deployment server is configured and ru...

What types of files exist in a bucket within a clustered index? (select all that apply)

When designing the number and size of indexes, which of the following considerations should be applied?

Which Splunk component is mandatory when implementing a search head cluster?

When implementing KV Store Collections in a search head cluster, which of the following considerations is true?

Which of the following is true for indexer cluster knowledge bundles?

When preparing to ingest a new data source, which of the following is optional in the data source assessment?

Where in the Job Inspector can details be found to help determine where performance is affected?

Which command should be run to re-sync a stale KV Store member in a search head cluster?

What is the best method for sizing or scaling a search head cluster?