SPLK-2002 exam

To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?A . repFactor = 0B . replicate = 0C . repFactor = autoD . replicate = autoView AnswerAnswer: C Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/Indexer/Configurethepeerindexes

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?A . Data encryption between Splunk Web and splunkd.B . Certificate authentication between forwarders and indexers.C . Certificate authentication between Splunk Web and search head.D . Data encryption for distributed search between search...

In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?A . site_search_factor = origin:2, site1:2, total:4B . site_search_factor = origin:2, site2:1, total:4C . site_replication_factor = origin:2, site1:2, total:4D . site_replication_factor = origin:2,...

A three-node search head cluster is skipping a large number of searches across time. What should be done to increase scheduled search capacity on the search head cluster?A . Create a job server on the cluster.B . Add another search head to the cluster.C . server.conf captain_is_adhoc_searchhead = true.D ....

Which Splunk tool offers a health check for administrators to evaluate the health of their Splunk deployment?A . btoolB . DiagGenC . SPL ClinicD . Monitoring ConsoleView AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/Splunk/7.3.1/DMC/DMCoverview

Which of the following should be included in a deployment plan?A . Business continuity and disaster recovery plans.B . Current logging details and data source inventory.C . Current and future topology diagrams of the IT environment.D . A comprehensive list of stakeholders, either direct or indirect.View AnswerAnswer: D Explanation: Reference:...

Indexing is slow and real-time search results are delayed in a Splunk environment with two indexers and one search head. There is ample CPU and memory available on the indexers. Which of the following is most likely to improve indexing performance?A . Increase the maximum number of hot buckets in...

Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity. Which of the following options will provide the most search performance improvement?A . Replace the indexer storage to solid state drives (SSD).B . Add more search heads and redistribute users based on the search type.C...

The frequency in which a deployment client contacts the deployment server is controlled by what?A . polling_interval attribute in outputs.confB . phoneHomeIntervalInSecs attribute in outputs.confC . polling_interval attribute in deploymentclient.confD . phoneHomeIntervalInSecs attribute in deploymentclient.confView AnswerAnswer: D Explanation: Reference: https://docs.splunk.com/Documentation/SplunkCloud/7.2.7/RESTREF/RESTdeploy

When using the props.conf LINE_BREAKER attribute to delimit multi-line events, the SHOULD_LINEMERGE attribute should be set to what?A . AutoB . NoneC . TrueD . FalseView AnswerAnswer: C Explanation: Reference: https://answers.splunk.com/answers/6926/how-to-keep-data-together-as-one-event.html