SPLK-2002(205Q) Exam Questions

Where does the Splunk deployer send apps by default?

If .delta replication fails during knowledge bundle replication, what is the fall-back method for Splunk?

In splunkd. log events written to the _internal index, which field identifies the specific log channel?

Which props.conf setting has the least impact on indexing performance?

A search head cluster member contains the following in its server .conf. What is the Splunk server name of this member?

As of Splunk 9.0, which index records changes to . conf files?

Which instance can not share functionality with the deployer?

(A customer has a Splunk Enterprise deployment and wants to collect data from universal forwarders. What is the best step to secure log traffic?)

(Which btool command will identify license master configuration errors for a search peer cluster node?)

(The performance of a specific search is performing poorly. The search must run over All Time and is expected to have very few results. Analysis shows that the search accesses a ve...

(Which command is used to initially add a search head to a single-site indexer cluster?)

(A customer wishes to keep costs to a minimum, while still implementing Search Head Clustering (SHC). What are the minimum supported architecture standards?)

(What is a recommended way to improve search performance?)

(Which of the following is a minimum search head specification for a distributed Splunk environment?)

(A high-volume source and a low-volume source feed into the same index. Which of the following items best describe the impact of this design choice?)

(If a license peer cannot communicate to a license manager for 72 hours or more, what will happen?)

(Which deployer push mode should be used when pushing built-in apps?)

(A customer has converted a CSV lookup to a KV Store lookup. What must be done to make it available for an automatic lookup?)

(Which of the following data sources are used for the Monitoring Console dashboards?)

(Based on the data sizing and retention parameters listed below, which of the following will correctly calculate the index storage required?) - Daily rate = 20 GB / day - Compress...

(A customer creates a saved search that runs on a specific interval. Which internal Splunk log should be viewed to determine if the search ran recently?)

(Which of the following must be included in a deployment plan?)

(Which index does Splunk use to record user activities?)

(If the maxDataSize attribute is set to auto_high_volume in indexes.conf on a 64-bit operating system, what is the maximum hot bucket size?)

(Which of the following is a benefit of using SmartStore?)

(A new Splunk Enterprise deployment is being architected, and the customer wants to ensure that the data to be indexed is encrypted. Where should TLS be turned on in the Splunk dep...

(When determining where a Splunk forwarder is trying to send data, which of the following searches can provide assistance?)

(What command will decommission a search peer from an indexer cluster?)

(Which Splunk component allows viewing of the LISPY to assist in debugging Splunk searches?)

(On which Splunk components does the Splunk App for Enterprise Security place the most load?)

(What is the best way to configure and manage receiving ports for clustered indexers?)

(Which of the following is not facilitated by the deployer?)

(Which of the following is a valid way to determine if a new bundle push will trigger a rolling restart?)

(An admin removed and re-added search head cluster (SHC) members as part of patching the operating system. When trying to re-add the first member, a script reverted the SHC member...

(How can a Splunk admin control the logging level for a specific search to get further debug information?)

(What are the possible values for the mode attribute in server.conf for a Splunk server in the [clustering] stanza?)

(Which of the following has no impact on search performance?)

(Which indexes.conf attribute would prevent an index from participating in an indexer cluster?)

(It is possible to lose UI edit functionality after manually editing which of the following files in the deployment server?)

(When planning user management for a new Splunk deployment, which task can be disregarded?)

(What is the expected performance reduction when architecting Splunk in a virtualized environment instead of a physical environment?)

(Where can files be placed in a configuration bundle on a search peer that will persist after a new configuration bundle has been deployed?)

(How is the search log accessed for a completed search job?)

(A customer has an environment with a Search Head Cluster and an indexer cluster. They are troubleshooting license usage data, including indexed volume in bytes per pool, index, ho...

What is the recommended order of activities in the Splunk deployment process?

A customer has a multisite cluster with site1 and site2 configured. They want to configure search heads in these sites to get search results only from data stored on their local si...

A customer has a Search Head Cluster (SHC) with site1 and site2. Site1 has five search heads and Site2 has four. Site1 search heads are preferred captains. What action should be ta...

Which Splunk cluster feature requires additional indexer storage?

A customer plans to have 20,000 Splunk-managed forwarders. What is a common step to ensure Splunk forwarder management performance is not impacted?

Buttercup Games has a multi-site indexer cluster. Site 1, which hosts the Cluster Manager, experiences a DNS failure. Site 2 is unable to reach Site 1. What happens to searching at...