
Splunk SPLK-2002 Exam Actual Questions

The questions for SPLK-2002 were last updated at Dec. 1, 2021.
  • Viewing page 1 out of 23 pages.
  • Viewing questions 1-4 out of 94 questions

Topic 1 - Single Topic

Question #1 Topic 1

Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?

  • A. Setting the cluster search factor to N-1.
  • B. Increasing the number of buckets per index.
  • C. Decreasing the data model acceleration range.
  • D. Setting the cluster replication factor to N-1.

Correct Answer: D
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Systemrequirements

Question #2 Topic 1

Stakeholders have identified high availability for searchable data as their top priority. Which of the following best addresses this requirement?

  • A. Increasing the search factor in the cluster.
  • B. Increasing the replication factor in the cluster.
  • C. Increasing the number of search heads in the cluster.
  • D. Increasing the number of CPUs on the indexers in the cluster.

Correct Answer: B
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/DistSearch/SHCarchitecture

Question #3 Topic 1

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?

  • A. Replace the indexer storage with solid state drives (SSD).
  • B. Add more search heads and redistribute users based on the search type.
  • C. Look for slow searches and reschedule them to run during an off-peak time.
  • D. Add more search peers and make sure forwarders distribute data evenly across all indexers.

Correct Answer: C

Question #4 Topic 1

A Splunk architect has inherited the Splunk deployment at Buttercup Games and end users are complaining that the events are inconsistently formatted for a web sourcetype. Further investigation reveals that not all web logs flow through the same infrastructure: some of the data goes through heavy forwarders and some of the forwarders are managed by another department.
Which of the following items might be the cause for this issue?

  • A. The search head may have different configurations than the indexers.
  • B. The data inputs are not properly configured across all the forwarders.
  • C. The indexers may have different configurations than the heavy forwarders.
  • D. The forwarders managed by the other department are an older version than the rest.

Correct Answer: C
