CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-2002

Free SPLK-2002 Exam Braindumps (page: 2)

Page 2 of 23
PDF with 160 Questions

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?

  1. Setting the cluster search factor to N-1.
  2. Increasing the number of buckets per index.
  3. Decreasing the data model acceleration range.
  4. Setting the cluster replication factor to N-1.

Answer(s): D


Reference:

https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Systemrequirements



Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?

  1. Increasing the search factor in the cluster.
  2. Increasing the replication factor in the cluster.
  3. Increasing the number of search heads in the cluster.
  4. Increasing the number of CPUs on the indexers in the cluster.

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/Splunk/7.3.2/DistSearch/SHCarchitecture



Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?

  1. Replace the indexer storage to solid state drives (SSD).
  2. Add more search heads and redistribute users based on the search type.
  3. Look for slow searches and reschedule them to run during an off-peak time.
  4. Add more search peers and make sure forwarders distribute data evenly across all indexers.

Answer(s): C



A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web sourcetype. Further investigation reveals that not all web logs flow through the same infrastructure: some of the data goes through heavy forwarders and some of the forwarders are managed by another department. Which of the following items might be the cause for this issue?

  1. The search head may have different configurations than the indexers.
  2. The data inputs are not properly configured across all the forwarders.
  3. The indexers may have different configurations than the heavy forwarders.
  4. The forwarders managed by the other department are an older version than the rest.

Answer(s): D






Post your Comments and Discuss Splunk® SPLK-2002 exam with other Community members: