Splunk SPLK-3003 Exam Practice Test Instant Access

Question 1

Which of the following statements applies to indexer discovery?

AThe Cluster Master (CM) can automatically discover new indexers added to the cluster.

BForwarders can automatically discover new indexers added to the cluster.

CDeployment servers can automatically configure new indexers added to the cluster.

DSearch heads can automatically discover new indexers added to the cluster.

Answer : D

Question 2

A customer has a multisite cluster (two sites, each site in its own data center) and users experiencing a slow response when searches are run on search heads located in either site. The Search Job Inspector shows the delay is being caused by search heads on either site waiting for results to be returned by indexers on the opposing site. The network team has confirmed that there is limited bandwidth available between the two data centers, which are in different geographic locations.

Which of the following would be the least expensive and easiest way to improve search performance?

AConfigure site_search_factor to ensure a searchable copy exists in the local site for each search head.

BMove all indexers and search heads in one of the data centers into the same site.

CInstall a network pipe with more bandwidth between the two data centers.

DSet the site setting on each indexer in the server.conf clustering stanza to be the same for all indexers regardless of site.

Answer : A

Question 3

A customer's deployment server is overwhelmed with forwarder connections after adding an additional 1000 clients. The default phone home interval is set to 60 seconds. To reduce the number of connection failures to the DS what is recommended?

ACreate a tiered deployment server topology.

BReduce the phone home interval to 6 seconds.

CLeave the phone home interval at 60 seconds.

DIncrease the phone home interval to 600 seconds.

Answer : A

Question 4

A customer has written the following search:

How can the search be rewritten to maximize efficiency?

AOption A

BOption B

COption C

DOption D

Answer : C

Question 5

Which of the following server.conf stanzas indicates the Indexer Discovery feature has not been fully configured (restart pending) on the Master Node?

AOption A

BOption B

COption C

DOption D

Answer : C

Question 6

A customer is having issues with truncated events greater than 64K. What configuration should be deployed to a universal forwarder (UF) to fix the issue?

ANone. Splunk default configurations will process the events as needed; the UF is not causing truncation.

BConfigure the best practice magic 6 or great 8 props.conf settings.

CEVENT_BREAKER_ENABLE and EVENT_BREAKER regular expression settings per sourcetype.

DGlobal EVENT_BREAKER_ENABLE and EVENT_BREAKER regular expression settings.

Answer : C

Question 7

What should be considered when running the following CLI commands with a goal of accelerating an index cluster migration to new hardware?

AData ingestion rate

BNetwork latency and storage IOPS

CDistance and location

DSSL data encryption

Answer : B

Splunk SPLK-3003 Splunk Core Certified Consultant Exam Practice Test