SPLK-2002 Online Practice Questions and Answers

In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?

A. site_search_factor = origin:2, site1:2, total:4

B. site_search_factor = origin:2, site2:1, total:4

C. site_replication_factor = origin:2, site1:2, total:4

D. site_replication_factor = origin:2, site2:1, total:4

The frequency in which a deployment client contacts the deployment server is controlled by what?

A. polling_interval attribute in outputs.conf

B. phoneHomeIntervalInSecs attribute in outputs.conf

C. polling_interval attribute in deploymentclient.conf

D. phoneHomeIntervalInSecs attribute in deploymentclient.conf

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

A. Check serverclass.conf of the deployment server.

B. Check deploymentclient.conf of the deployment client.

C. Check the content of SPLUNK_HOME/etc/apps of the deployment server.

D. Search for relevant events in splunkd.log of the deployment server.

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

A. Configure syslog to send the data to multiple Splunk indexers.

B. Use a Splunk indexer to collect a network input on port 514 directly.

C. Use a Splunk forwarder to collect the input on port 514 and forward the data.

D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.

Which Splunk internal index contains license-related events?

A. _audit

B. _license

C. _internal

D. _introspection

To optimize the distribution of primary buckets; when does primary rebalancing automatically occur? (Select all that apply.)

A. Rolling restart completes.

B. Master node rejoins the cluster.

C. Captain joins or rejoins cluster.

D. A peer node joins or rejoins the cluster.

In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?

A. Input

B. Search

C. Parsing

D. Indexing

Which server.conf attribute should be added to the master node's server.conf file when decommissioning a site in an indexer cluster?

A. site_mappings

B. available_sites

C. site_search_factor

D. site_replication_factor

When converting from a single-site to a multi-site cluster, what happens to existing single-site clustered buckets?

A. They will continue to replicate within the origin site and age out based on existing policies.

B. They will maintain replication as required according to the single-site policies, but never age out.

C. They will be replicated across all peers in the multi-site cluster and age out based on existing policies.

D. They will stop replicating within the single-site and remain on the indexer they reside on and age out according to existing policies.

In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?

A. SPLUNK_HOME/var/lib/searchpeers

B. SPLUNK_HOME/var/log/searchpeers

C. SPLUNK_HOME/var/run/searchpeers

D. SPLUNK_HOME/var/spool/searchpeers