Splunk SPLK-2002 시험

Question No : 1

Which of the following artifacts are included in a Splunk diag file? (Select all that apply.)

• A.OS settings.
• B.Internal logs.
• C.Customer data.
• D.Configuration files.

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Troubleshooting/Generateadiag

Question No : 2

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?

• A.Data encryption between Splunk Web and splunkd.
• B.Certificate authentication between forwarders and indexers.
• C.Certificate authentication between Splunk Web and search head.
• D.Data encryption for distributed search between search heads and indexers.

답을 확인하기

정답:

Question No : 3

What is the minimum reference server specification for a Splunk indexer?

• A.12 CPU cores, 12GB RAM, 800 IOPS
• B.16 CPU cores, 16GB RAM, 800 IOPS
• C.24 CPU cores, 16GB RAM, 1200 IOPS
• D.28 CPU cores, 32GB RAM, 1200 IOPS

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Capacity/Referencehardware#Reference_host_specification

Question No : 4

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

• A.Check serverclass.conf of the deployment server.
• B.Check deploymentclient.conf of the deployment client.
• C.Check the content of SPLUNK_HOME/etc/apps of the deployment server.
• D.Search for relevant events in splunkd.log of the deployment server.

답을 확인하기

정답:
Explanation:
Reference: https://answers.splunk.com/answers/177021/why-is-deployment-client-not-picking-up-changes­to.html

Question No : 5

To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?

• A.repFactor = 0
• B.replicate = 0
• C.repFactor = auto
• D.replicate = auto

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Configurethepeerindexes

Question No : 6

The frequency in which a deployment client contacts the deployment server is controlled by what?

• A.polling_interval attribute in outputs.conf
• B.phoneHomeIntervalInSecs attribute in outputs.conf
• C.polling_interval attribute in deploymentclient.conf
• D.phoneHomeIntervalInSecs attribute in deploymentclient.conf

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.7/RESTREF/RESTdeploy

Question No : 7

A three-node search head cluster is skipping a large number of searches across time.
What should be done to increase scheduled search capacity on the search head cluster?

• A.Create a job server on the cluster.
• B.Add another search head to the cluster.
• C.server.conf captain_is_adhoc_searchhead = true.
• D.Change limits.conf value for max_searches_per_cpu to a higher value.

답을 확인하기

정답:

Question No : 8

In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files.
What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?

• A.Total daily indexing volume, number of peer nodes, and number of accelerated searches.
• B.Total daily indexing volume, number of peer nodes, replication factor, and search factor.
• C.Total daily indexing volume, replication factor, search factor, and number of search heads.
• D.Replication factor, search factor, number of accelerated searches, and total disk size across cluster.

답을 확인하기

정답:

Question No : 9

The guidance Splunk gives for estimating size on for syslog data is 50% of original data size.
How does this divide between files in the index?

• A.rawdata is: 10%, tsidx is: 40%
• B.rawdata is: 15%, tsidx is: 35%
• C.rawdata is: 35%, tsidx is: 15%
• D.rawdata is: 40%, tsidx is: 10%

답을 확인하기

정답:
Explanation:
Reference: https://answers.splunk.com/answers/147951/what-is-the-compression-ratio-of-raw-data-in­splunk.html

Question No : 10

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers.
Which of the following is most likely to improve indexing performance?

• A.Increase the maximum number of hot buckets in indexes.conf
• B.Increase the number of parallel ingestion pipelines in server.conf
• C.Decrease the maximum size of the search pipelines in limits.conf
• D.Decrease the maximum concurrent scheduled searches in limits.conf

답을 확인하기

정답:

Question No : 11

Which of the following commands is used to clear the KV store?

• A.splunk clean kvstore
• B.splunk clear kvstore
• C.splunk delete kvstore
• D.splunk reinitialize kvstore

답을 확인하기

정답:
Explanation:
Reference: https://answers.splunk.com/answers/237859/can-i-delete-all-data-from-a-kv-store-at-once.html

Question No : 12

When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructiveconfiguration resync on this search head cluster member.
What corrective action should be taken?

• A.Restart the search head.
• B.Run the splunk apply shcluster-bundle command from the deployer.
• C.Run the clean raft command on all members of the search head cluster.
• D.Run the splunk resync shcluster-replicated-config command on this member.

답을 확인하기

정답:

Question No : 13

Which Splunk server role regulates the functioning of indexer cluster?

• A.Indexer
• B.Deployer
• C.Master Node
• D.Monitoring Console

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Deploy/Indexercluster

Question No : 14

Which component in the splunkd.log will log information related to bad event breaking?

• A.Audittrail
• B.EventBreaking
• C.IndexingPipeline
• D.AggregatorMiningProcessor

답을 확인하기

정답:
Explanation:
Reference: https://answers.splunk.com/answers/141721/error-in-splunkd-log-breaking-event-because-limit-of­256-has-been-exceeded.html

Question No : 15

Which Splunk Enterprise offering has its own license?

• A.Splunk Cloud Forwarder
• B.Splunk Heavy Forwarder
• C.Splunk Universal Forwarder
• D.Splunk Forwarder Management

답을 확인하기

정답:
Explanation:
Reference: https://docs.splunk.com/Splexicon:Forwardinglicense