Splunk SPLK-3003 Exam Practice Test Instant Access

Question 1

A customer's deployment server is overwhelmed with forwarder connections after adding an additional 1000 clients. The default phone home interval is set to 60 seconds. To reduce the number of connection failures to the DS what is recommended?

ACreate a tiered deployment server topology.

BReduce the phone home interval to 6 seconds.

CLeave the phone home interval at 60 seconds.

DIncrease the phone home interval to 600 seconds.

Answer : A

Question 2

What is the primary driver behind implementing indexer clustering in a customer's environment?

ATo improve resiliency as the search load increases.

BTo reduce indexing latency.

CTo scale out a Splunk environment to offer higher performance capability.

DTo provide higher availability for buckets of data.

Answer : D

Question 3

A customer has a multisite cluster (two sites, each site in its own data center) and users experiencing a slow response when searches are run on search heads located in either site. The Search Job Inspector shows the delay is being caused by search heads on either site waiting for results to be returned by indexers on the opposing site. The network team has confirmed that there is limited bandwidth available between the two data centers, which are in different geographic locations.

Which of the following would be the least expensive and easiest way to improve search performance?

AConfigure site_search_factor to ensure a searchable copy exists in the local site for each search head.

BMove all indexers and search heads in one of the data centers into the same site.

CInstall a network pipe with more bandwidth between the two data centers.

DSet the site setting on each indexer in the server.conf clustering stanza to be the same for all indexers regardless of site.

Answer : A

Question 4

A customer has been using Splunk for one year, utilizing a single/all-in-one instance. This single Splunk server is now struggling to cope with the daily ingest rate. Also, Splunk has become a vital system in day-to-day operations making high availability a consideration for the Splunk service. The customer is unsure how to design the new environment topology in order to provide this.

Which resource would help the customer gather the requirements for their new architecture?

ADirect the customer to the docs.splunk.com and tell them that all the information to help them select the right design is documented there.

BAsk the customer to engage with the sales team immediately as they probably need a larger license.

CRefer the customer to answers.splunk.com as someone else has probably already designed a system that meets their requirements.

DRefer the customer to the Splunk Validated Architectures document in order to guide them through which approved architectures could meet their requirements.

Answer : D

Question 5

A customer would like to remove the output_file capability from users with the default user role to stop them from filling up the disk on the search head with lookup files. What is the best way to remove this capability from users?

ACreate a new role without the output_file capability that inherits the default user role and assign it to the users.

BCreate a new role with the output_file capability that inherits the default user role and assign it to the users.

CEdit the default user role and remove the output_file capability.

DClone the default user role, remove the output_file capability, and assign it to the users.

Answer : C

Question 6

Which of the following is the most efficient search?

Aindex=www status=200 uri=/cart/checkout | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

B(index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum (revenue) as total_revenue by session_id | table total_revenue session_id

Cindex=www | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

D(index=www) OR (index=sales) | search (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

Answer : B

Question 7

When adding a new search head to a search head cluster (SHC), which of the following scenarios occurs?

AThe new search head connects to the captain and replays any recent configuration changes to bring it up to date.

BThe new search head connects to the deployer and replays any recent configuration changes to bring it up to date.

CThe new search head connects to the captain and pulls the most recently deployed bundle. It then connects to the deployer and replays any recent configuration changes to bring it up to date.

DThe new search head connects to the deployer and pulls the most recently deployed bundle. It then connects to the captain and replays any recent configuration changes to bring it up to date.

Answer : C

Splunk Core Certified Consultant SPLK-3003 Exam Practice Test