Which of the following statements describe search head clustering? (Select all that apply.)
A. A deployer is required.
B. At least three search heads are needed.
C. Search heads must meet the high-performance reference server requirements.
D. The deployer must have sufficient CPU and network resources to process service requests and push configurations.
Which of the following tasks should the architect perform when building a deployment plan? (Select all that apply.)
A. Use case checklist.
B. Install Splunk apps.
C. Inventory data sources.
D. Review network topology.
Because Splunk indexing is read/write intensive, it is important to select the appropriate disk storage solution for each deployment. Which of the following statements is accurate about disk storage?
A. High performance SAN should never be used.
B. Enable NFS for storing hot and warm buckets.
C. The recommended RAID setup is RAID 10 (1 + 0).
D. Virtualized environments are usually preferred over bare metal for Splunk indexers.
Which of the following options can improve reliability of syslog delivery to Splunk? (Select all that apply.)
A. Use TCP syslog.
B. Configure UDP inputs on each Splunk indexer to receive data directly.
C. Use a network load balancer to direct syslog traffic to active backend syslog listeners.
D. Use one or more syslog servers to persist data with a Universal Forwarder to send the data to Splunk indexers.
What is the logical first step when starting a deployment plan?
A. Inventory the currently deployed logging infrastructure.
B. Determine what apps and use cases will be implemented.
C. Gather statistics on the expected adoption of Splunk for sizing.
D. Collect the initial requirements for the deployment from all stakeholders.
When Splunk is installed, where are the internal indexes stored by default?
A. SPLUNK_HOME/bin
B. SPLUNK_HOME/var/lib
C. SPLUNK_HOME/var/run
D. SPLUNK_HOME/etc/system/default
What is a Splunk Job? (Select all that apply.)
A. A user-defined Splunk capability.
B. Searches that are subjected to some usage quota.
C. A search process kicked off via a report or an alert.
D. A child OS process manifested from the splunkd process.
A Splunk user successfully extracted an IP address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)
A. The field was extracted as a private knowledge object.
B. The events are tagged as communicate, but are missing the network tag.
C. The Typing Queue, which does regular expression replacements, is blocked.
D. The colleague did not explicitly use the field in the search and the search was set to Fast Mode.
Which two sections can be expanded using the Search Job Inspector?
A. Execution costs.
B. Saved search history.
C. Search job properties.
D. Optimization suggestions.
What is the default log size for Splunk internal logs?
A. 10MB
B. 20MB
C. 25MB
D. 30MB