Splunk SPLK-3003 Exam Practice Test Instant Access

Question 1

A new single-site three indexer cluster is being stood up with replication_factor:2, search_factor:2. At which step would the Indexer Cluster be classed as 'Indexing Ready' and be able to ingest new data?

Step 1: Install and configure Cluster Master (CM)/Master Node with base clustering stanza settings, restarting CM.

Step 2: Configure a base app in etc/master-apps on the CM to enable a splunktcp input on port 9997 and deploy index creation configurations.

Step 3: Install and configure Indexer 1 so that once restarted, it contacts the CM, download the latest config bundle.

Step 4: Indexer 1 restarts and has successfully joined the cluster.

Step 5: Install and configure Indexer 2 so that once restarted, it contacts the CM, downloads the latest config bundle

Step 6: Indexer 2 restarts and has successfully joined the cluster.

Step 7: Install and configure Indexer 3 so that once restarted, it contacts the CM, downloads the latest config bundle.

Step 8: Indexer 3 restarts and has successfully joined the cluster.

AStep 2

BStep 4

CStep 6

DStep 8

Answer : A

Question 2

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer. Where does the Index time parsing occur?

AIndexer

BUniversal forwarder

CSearch head

DHeavy forwarder

Answer : D

Question 3

A customer's deployment server is overwhelmed with forwarder connections after adding an additional 1000 clients. The default phone home interval is set to 60 seconds. To reduce the number of connection failures to the DS what is recommended?

ACreate a tiered deployment server topology.

BReduce the phone home interval to 6 seconds.

CLeave the phone home interval at 60 seconds.

DIncrease the phone home interval to 600 seconds.

Answer : A

Question 4

In the diagrammed environment shown below, the customer would like the data read by the universal forwarders to set an indexed field containing the UF's host name. Where would the parsing configurations need to be installed for this to work?

AAll universal forwarders.

BOnly the indexers.

CAll heavy forwarders.

DOn all parsing Splunk instances.

Answer : D

Question 5

In which directory should base config app(s) be placed to initialize an indexer?

A$SPLUNK_HOME/etc/

B$SPLUNK_HOME/etc/apps

C$SPLUNK_HOME/etc/system/local

D$SPLUNK_HOME/etc/slave-apps

Answer : B

Question 6

A customer has a search cluster (SHC) of six members split evenly between two data centers (DC). The customer is concerned with network connectivity between the two DCs due to frequent outages. Which of the following is true as it relates to SHC resiliency when a network outage occurs between the two DCs?

AThe SHC will function as expected as the SHC deployer will become the new captain until the network communication is restored.

BThe SHC will stop all scheduled search activity within the SHC.

CThe SHC will function as expected as the minimum required number of nodes for a SHC is 3.

DThe SHC will function as expected as the SHC captain will fall back to previous active captain in the remaining site.

Answer : D

Question 7

Which statement is true about subsearches?

ASubsearches are faster than other types of searches.

BSubsearches work best for joining two large result sets.

CSubsearches run at the same time as their outer search.

DSubsearches work best for small result sets.

Answer : D

Splunk SPLK-3003 Splunk Core Certified Consultant Exam Practice Test