SPLK-2002試験無料問題集（160題）「Splunk Enterprise Certified Architect 認定」

出題：1

Which of the following configuration attributes must be set in server, conf on the cluster manager in a single-site indexer cluster?

A. replication_factor

B. site

C. master_uri

D. site_replication_factor

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Other than high availability, which of the following is a benefit of search head clustering?

A. Automatic replication of user knowledge objects.

B. Input settings are synchronized between search heads.

C. Allows indexers to maintain multiple searchable copies of all data.

D. Fewer network ports are required to be opened between search heads.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?

A. Look for slow searches and reschedule them to run during an off-peak time.

B. Add more search heads and redistribute users based on the search type.

C. Add more search peers and make sure forwarders distribute data evenly across all indexers.

D. Replace the indexer storage to solid state drives (SSD).

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

A. Use a Splunk forwarder to collect the input on port 514 and forward the data.

B. Use a Splunk indexer to collect a network input on port 514 directly.

C. Configure syslog to send the data to multiple Splunk indexers.

D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?

A. replicate = 0

B. repFactor = auto

C. repFactor = 0

D. replicate = auto

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

When Splunk indexes data in a non-clustered environment, what kind of files does it create by default?

A. Index and .tsidx files.

B. Compressed and meta data files.

C. Compressed and .tsidx files.

D. Rawdata and index files.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

When using the props.conf LINE_BREAKER attribute to delimit multi-line events, the SHOULD_LINEMERGE attribute should be set to what?

A. None

B. True

C. Auto

D. False

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What information is needed about the current environment before deploying Splunk? (select all that apply)

A. Key users.

B. Overall goals for the deployment.

C. Data sources.

D. List of vendors for network devices.

正解：A,B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

An index has large text log entries with many unique terms in the raw data. Other than the raw data, which index components will take the most space?

A. Index files (*. tsidx files).

B. Bloom filters (bloomfilter files).

C. Index source metadata (sources.data files).

D. Index sourcetype metadata (SourceTypes. data files).

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

New data has been added to a monitor input file. However, searches only show older data.
Which splunkd. log channel would help troubleshoot this issue?

A. Modularlnputs

B. ArchiveProcessor

C. TailingProcessor

D. ChunkedLBProcessor

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-2002試験無料問題集「Splunk Enterprise Certified Architect 認定」