Splunk Core Certified Consultant SPLK-3003 Exam Practice Test

Page: 1 / 14
Total 85 questions
Question 1

Consider the scenario where the /var/log directory contains the files secure, messages, cron, audit. A customer has created the following inputs.conf stanzas in the same Splunk app in order to attempt to monitor the files secure and messages:

Which file(s) will actually be actively monitored?



Answer : A


Question 2

A customer is migrating their existing Splunk Indexer from an old set of hardware to a new set of indexers. What is the earliest method to migrate the system?



Answer : B


Question 3

Which command is most efficient in finding the pass4SymmKey of an index cluster?



Answer : D


Question 4

When a bucket rolls from cold to frozen on a clustered indexer, which of the following scenarios occurs?



Answer : B


Question 5

Which of the following statements is true, as it pertains to search head clustering (SHC)?



Answer : B


Question 6

The customer has an indexer cluster supporting a wide variety of search needs, including scheduled search, data model acceleration, and summary indexing. Here is an excerpt from the cluster master's server.conf:

Which strategy represents the minimum and least disruptive change necessary to protect the searchability of the indexer cluster in case of indexer failure?



Answer : D


Question 7

When monitoring and forwarding events collected from a file containing unstructured textual events, what is the difference in the Splunk2Splunk payload traffic sent between a universal forwarder (UF) and indexer compared to the Splunk2Splunk payload sent between a heavy forwarder (HF) and the indexer layer? (Assume that the file is being monitored locally on the forwarder.)



Answer : B

