Splunk SPLK-2002 Exam Practice Test Instant Access

Question 1

What is a Splunk Job? (Select all that apply.)

AA user-defined Splunk capability.

BSearches that are subjected to some usage quota.

CA search process kicked off via a report or an alert.

DA child OS process manifested from the splunkd process.

Answer : A

Question 2

In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s)?

ASPLUNK_HOME/var/lib/searchpeers

BSPLUNK_HOME/var/log/searchpeers

CSPLUNK_HOME/var/run/searchpeers

DSPLUNK_HOME/var/spool/searchpeers

Answer : C

Question 3

How does the average run time of all searches relate to the available CPU cores on the indexers?

AAverage run time is independent of the number of CPU cores on the indexers.

BAverage run time decreases as the number of CPU cores on the indexers decreases.

CAverage run time increases as the number of CPU cores on the indexers decreases.

DAverage run time increases as the number of CPU cores on the indexers increases.

Answer : C

Question 4

Which of the following should be done when installing Enterprise Security on a Search Head Cluster? (Select all that apply.)

AInstall Enterprise Security on the deployer.

BInstall Enterprise Security on a staging instance.

CCopy the Enterprise Security configurations to the deployer.

DUse the deployer to deploy Enterprise Security to the cluster members.

Answer : A, D

Question 5

When converting from a single-site to a multi-site cluster, what happens to existing single-site clustered buckets?

AThey will continue to replicate within the origin site and age out based on existing policies.

BThey will maintain replication as required according to the single-site policies, but never age out.

CThey will be replicated across all peers in the multi-site cluster and age out based on existing policies.

DThey will stop replicating within the single-site and remain on the indexer they reside on and age out according to existing policies.

Answer : B

Question 6

What does setting site=site0 on all Search Head Cluster members do in a multi-site indexer cluster?

ADisables search site affinity.

BSets all members to dynamic captaincy.

CEnables multisite search artifact replication.

DEnables automatic search site affinity discovery.

Answer : A

Question 7

Which of the following describe migration from single-site to multisite index replication?

AA master node is required at each site.

BMultisite policies apply to new data only.

CSingle-site buckets instantly receive the multisite policies.

DMultisite total values should not exceed any single-site factors.

Answer : D

Splunk SPLK-2002 Splunk Enterprise Certified Architect Exam Practice Test