SPLK-3003試験無料問題集（85題）「Splunk Core Certified Consultant 認定」

出題：1

A customer has downloaded the Splunk App for AWS from Splunkbase and installed it in a search head cluster following the instructions using the deployer. A power user modifies a dashboard in the app on one of the search head cluster members. The app containing an updated dashboard is upgraded to the latest version by following the instructions via the deployer.
What happens?

A. The updated dashboard will be available to the power user.

B. Applying the search head cluster bundle will fail due to the conflict.

C. The updated dashboard will not be available to the power user; they will see their modified version.

D. The updated dashboard will not be deployed globally to all users, due to the conflict with the power user's modified version of the dashboard.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A customer has 30 indexers in an indexer cluster configuration and two search heads. They are working on writing SPL search for a particular use-case, but are concerned that it takes too long to run for short time durations.
How can the Search Job Inspector capabilities be used to help validate and understand the customer concerns?

A. The customer is using the transaction SPL search command, which is known to be slow.

B. Search Job Inspector cannot be used to help troubleshoot the slow performing search; customer should review index=_introspection instead.

C. Search Job Inspector provides statistics to show how much time and the number of events each indexer has processed.

D. Search Job Inspector provides a Search Health Check capability that provides an optimized SPL query the customer should try instead.

正解：C 解答を投票する

出題：3

What happens when an index cluster peer freezes a bucket?

A. All indexers with a copy of the bucket will delete it.

B. The cluster master will ensure another copy of the bucket is made on the other peers to meet the replication settings.

C. The cluster master will no longer perform fix-up activities for the bucket.

D. All indexers with a copy of the bucket will immediately roll it to frozen.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A working search head cluster has been set up and used for 6 months with just the native/local Splunk user authentication method. In order to integrate the search heads with an external Active Directory server using LDAP, which of the following statements represents the most appropriate method to deploy the configuration to the servers?

A. Log onto each search using a command line utility. Modify the authentication.conf and authorize.conf files in a base configuration app to configure the integration.

B. Configure the LDAP integration on one Search Head using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus. The configuration setting will replicate to the other nodes in the search head cluster eliminating the need to do this on the other search heads.

C. Configure the integration in a base configuration app located in shcluster-apps directory on the search head deployer, then deploy the configuration to the search heads using the splunk apply shcluster-bundle command.

D. On each search head, login and configure the LDAP integration using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus.

正解：C 解答を投票する

出題：5

Data can be onboarded using apps, Splunk Web, or the CLI.
Which is the PS preferred method?

A. Use the add data wizard in Splunk Web.

B. Create UDP input port 9997 on a UF.

C. Use a scripted input to monitor a log file.

D. Use the inputs.conf file.

正解：D 解答を投票する

出題：6

A new search head cluster is being implemented. Which is the correct command to initialize the deployer node without restarting the search head cluster peers?

A. $SPLUNK_HOME/bin/splunk apply cluster-bundle ""action stage

B. $SPLUNK_HOME/bin/splunk apply shcluster-bundle

C. $SPLUNK_HOME/bin/splunk apply shcluster-bundle ""action stage

D. $SPLUNK_HOME/bin/splunk apply cluster-bundle

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

When monitoring and forwarding events collected from a file containing unstructured textual events, what is the difference in the Splunk2Splunk payload traffic sent between a universal forwarder (UF) and indexer compared to the Splunk2Splunk payload sent between a heavy forwarder (HF) and the indexer layer?
(Assume that the file is being monitored locally on the forwarder.)

A. The UF will generally send the payload in the same format, but only when the sourcetype is specified in the inputs.conf and EVENT_BREAKER_ENABLE is set to true.

B. The UF sends a stream of data containing one set of medata fields to represent the entire stream, whereas the HF sends individual events, each with their own metadata fields attached, resulting in a lager payload.

C. The HF sends a stream of 64K TCP chunks with one set of metadata fields attached to represent the entire stream, whereas the UF sends individual events, each with their own metadata fields attached.

D. The payload format sent from the UF versus the HF is exactly the same. The payload size is identical because they're both sending 64K chunks.

正解：B 解答を投票する

出題：8

In which of the following scenarios is a subsearch the most appropriate?

A. When dynamically filtering hosts.

B. When joining multiple large datasets.

C. When filtering indexed fields.

D. When joining results from multiple indexes.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-3003試験無料問題集「Splunk Core Certified Consultant 認定」