Exam Splunk Enterprise Certified Architect
Number SPLK-2002
File Name Splunk Enterprise Certified Architect.Test-king.SPLK-2002.2019-10-22.1e.43q.vcex
Size 26 Kb
Posted October 22, 2019
Downloads 1

Demo Questions

Question 1
Which of the following should be included in a deployment plan? 

  • A: Business continuity and disaster recovery plans.
  • B: Current logging details and data source inventory.
  • C: Current and future topology diagrams of the IT environment.
  • D: A comprehensive list of stakeholders, either direct or indirect.

Question 2
A multi-site indexer cluster can be configured using which of the following? (Select all that apply.)

  • A: Via Splunk Web.
  • B: Directly edit SPLUNK_HOME/etc/system/local/server.conf
  • C: Run a splunk edit cluster-config command from the CLI.
  • D: Directly edit SPLUNK_HOME/etc/system/default/server.conf

Question 3
What log file would you search to verify if you suspect there is a problem interpreting a regular expression in a monitor stanza?

  • A: btool.log
  • B: metrics.log
  • C: splunkd.log
  • D: tailing_processor.log

Question 4
Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?

  • A: btool
  • B: DiagGen
  • C: SPL Clinic
  • D: Monitoring Console

Question 5
In a four-site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?

  • A: site_search_factor = origin:2, site1:2, total:4
  • B: site_search_factor = origin:2, site2:1, total:4
  • C: site_replication_factor = origin:2, site1:2, total:4
  • D: site_replication_factor = origin:2, site2:1, total:4 

Question 6
Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)

  • A: Adding search peers increases the maximum size of search results.
  • B: Adding RAM to existing search heads provides additional search capacity.
  • C: Adding search peers increases the search throughput as search load increases.
  • D: Adding search heads provides additional CPU cores to run more concurrent searches.

Question 7
Which Splunk Enterprise offering has its own license?

  • A: Splunk Cloud Forwarder
  • B: Splunk Heavy Forwarder
  • C: Splunk Universal Forwarder
  • D: Splunk Forwarder Management

Question 8
The guidance Splunk gives for estimating size for syslog data is 50% of original data size. How does this divide between files in the index?

  • A: rawdata is: 10%, tsidx is: 40%
  • B: rawdata is: 15%, tsidx is: 35%
  • C: rawdata is: 35%, tsidx is: 15%
  • D: rawdata is: 40%, tsidx is: 10%

Question 9
In an existing Splunk environment, the new index buckets that are created each day are about half the size of the incoming data. Within each bucket, about 30% of the space is used for rawdata and about 70% for index files. 
What additional information is needed to calculate the daily disk consumption, per indexer, if indexer clustering is implemented?

  • A: Total daily indexing volume, number of peer nodes, and number of accelerated searches.
  • B: Total daily indexing volume, number of peer nodes, replication factor, and search factor.
  • C: Total daily indexing volume, replication factor, search factor, and number of search heads.
  • D: Replication factor, search factor, number of accelerated searches, and total disk size across cluster.

Question 10
A three-node search head cluster is skipping a large number of searches across time. What should be done to increase scheduled search capacity on the search head cluster?

  • A: Create a job server on the cluster.
  • B: Add another search head to the cluster.
  • C: server.conf captain_is_adhoc_searchhead = true.
  • D: Change limits.conf value for max_searches_per_cpu to a higher value. 



