Splunk SPLK-2002 Exam Practice Test Instant Access

Question 1

What is a Splunk Job? (Select all that apply.)

AA user-defined Splunk capability.

BSearches that are subjected to some usage quota.

CA search process kicked off via a report or an alert.

DA child OS process manifested from the splunkd process.

Answer : A

Question 2

In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?

ASPLUNK_HOME/var/lib/searchpeers

BSPLUNK_HOME/var/log/searchpeers

CSPLUNK_HOME/var/run/searchpeers

DSPLUNK_HOME/var/spool/searchpeers

Answer : C

Question 3

How does the average run time of all searches relate to the available CPU cores on the indexers?

AAverage run time is independent of the number of CPU cores on the indexers.

BAverage run time decreases as the number of CPU cores on the indexers decreases.

CAverage run time increases as the number of CPU cores on the indexers decreases.

DAverage run time increases as the number of CPU cores on the indexers increases.

Answer : C

Question 4

Which of the following should be done when installing Enterprise Security on a Search Head Cluster? (Select all that apply.)

AInstall Enterprise Security on the deployer.

BInstall Enterprise Security on a staging instance.

CCopy the Enterprise Security configurations to the deployer.

DUse the deployer to deploy Enterprise Security to the cluster members.

Answer : A, D

Question 5

When converting from a single-site to a multi-site cluster, what happens to existing single-site clustered buckets?

AThey will continue to replicate within the origin site and age out based on existing policies.

BThey will maintain replication as required according to the single-site policies, but never age out.

CThey will be replicated across all peers in the multi-site cluster and age out based on existing policies.

DThey will stop replicating within the single-site and remain on the indexer they reside on and age out according to existing policies.

Answer : B

Question 6

Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)

AFree licenses do not support clustering.

BReplicated data does not count against licensing.

CEach cluster member requires its own clustering license.

DCluster members must share the same license pool and license master.

Answer : B, D

Question 7

Which of the following is a way to exclude search artifacts when creating a diag?

ASPLUNK_HOME/bin/splunk diag --exclude

BSPLUNK_HOME/bin/splunk diag --debug --refresh

CSPLUNK_HOME/bin/splunk diag --disable=dispatch

DSPLUNK_HOME/bin/splunk diag --filter-searchstrings

Answer : A

Splunk SPLK-2002 Splunk Enterprise Certified Architect Exam Practice Test