一番最新のSplunk SPLK-2002試験問題集PDFには2023年更新 [Q45-Q68]

一番最新のSplunk SPLK-2002試験問題集PDFには2023年更新

100%無料Splunk Enterprise Certified Architect SPLK-2002問題集PDFお試しサンプル認定ガイドがカバーされます

質問 45
In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?

• A. Indexing
• B. Input
• C. Search
• D. Parsing

正解: D

解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/
Configurationparametersandthedatapipeline

 

質問 46
When planning a search head cluster, which of the following is true?

• A. All indexers must belong to the underlying indexer cluster (no standalone indexers).
• B. All search heads must use the same operating system.
• C. All search heads must be members of the cluster (no standalone search heads).
• D. The search head captain must be assigned to the largest search head in the cluster.

正解: D

解説:
Explanation

 

質問 47
Which of the following clarification steps should be taken if apps are not appearing on a deployment client?
(Select all that apply.)

• A. Check serverclass.confof the deployment server.
• B. Check the content of SPLUNK_HOME/etc/appsof the deployment server.
• C. Check deploymentclient.confof the deployment client.
• D. Search for relevant events in splunkd.logof the deployment server.

正解: A,B,C

解説:
Explanation/Reference: https://answers.splunk.com/answers/177021/why-is-deployment-client-not-picking-up-changes- to.html

 

質問 48
A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf:
[clustering]
mode = master
replication_factor = 2
pass4SymmKey = password123
Which of the following statements describe this Splunk instance? (Select all that apply.)

• A. This is a multi-site cluster.
• B. This cluster's search factor is 2.
• C. This Splunk instance needs to be restarted.
• D. This instance is missing the master_uriattribute.

正解: C,D

 

質問 49
In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?

• A. site_replication_factor = origin:2, site2:1, total:4
• B. site_search_factor = origin:2, site2:1, total:4
• C. site_search_factor = origin:2, site1:2, total:4
• D. site_replication_factor = origin:2, site1:2, total:4

正解: A

 

質問 50
A customer has installed a 500GB Enterprise license. They also purchased and installed a 300GB, no enforcement license on the same license master. How much data can the customer ingest before search is locked out?

• A. 500GB. After this limit, search is locked out.
• B. 300GB. After this limit, search is locked out.
• C. Search is not locked out. Violations are still recorded.
• D. 800GB. After this limit, search is locked out.

正解: C

解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/TypesofSplunklicenses

 

質問 51
Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)

• A. Cluster members must share the same license pool and license master.
• B. Each cluster member requires its own clustering license.
• C. Replicated data does not count against licensing.
• D. Free licenses do not support clustering.

正解: A,C

 

質問 52
A customer has installed a 500GB Enterprise license. They also purchased and installed a 300GB, no enforcement license on the same license master. How much data can the customer ingest before search is locked out?

• A. 500GB. After this limit, search is locked out.
• B. 300GB. After this limit, search is locked out.
• C. Search is not locked out. Violations are still recorded.
• D. 800GB. After this limit, search is locked out.

正解: C

 

質問 53
Which of the following is true regarding Splunk Enterprise performance? (Select all that apply.)

• A. Adding search peers increases the search throughput as search load increases.
• B. Adding search heads provides additional CPU cores to run more concurrent searches.
• C. Adding RAM to an existing search heads provides additional search capacity.
• D. Adding search peers increases the maximum size of search results.

正解: B,C

解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Capacity/ HowsavedsearchesaffectSplunkEnterpriseperformance

 

質問 54
Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its
capacity. Which of the following options will provide the most search performance improvement?

• A. Add more search peers and make sure forwarders distribute data evenly across all indexers.
• B. Add more search heads and redistribute users based on the search type.
• C. Look for slow searches and reschedule them to run during an off-peak time.
• D. Replace the indexer storage to solid state drives (SSD).

正解: C

 

質問 55
Which search will show all deployment client messages from the client (UF)?

• A. index=_internal component=DS* host=<ds> | stats count by message
• B. index=_audit component=DC* host=<uf> | stats count by message
• C. index=_internal component= DC* host=<uf> | stats count by message
• D. index=_audit component=DC* host=<ds> | stats count by message

正解: A

 

質問 56
Which of the following are true statements about Splunk indexer clustering?

• A. All peer nodes must run exactly the same Splunk version.
• B. The peer nodes must run the same or a later Splunk version than the master node.
• C. The master node must run the same or a later Splunk version than search heads.
• D. The search head must run the same or a later Splunk version than the peer nodes.

正解: C

 

質問 57
What is the algorithm used to determine captaincy in a Splunk search head cluster?

• A. Raft distributed consensus.
• B. Rapt distributed consensus.
• C. Rift distributed consensus.
• D. Round-robin distribution consensus.

正解: A

 

質問 58
A search head has successfully joined a single site indexer cluster. Which command is used to configure the same search head to join another indexer cluster?

• A. splunk edit cluster-master
• B. splunk add cluster-config
• C. splunk edit cluster-config
• D. splunk add cluster-master

正解: D

解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Configuremulti-clustersearch

 

質問 59
Which command will permanently decommission a peer node operating in an indexer cluster?

• A. splunk offline --enforce-counts
• B. splunk offline -f
• C. splunk stop -f
• D. splunk decommission --enforce counts

正解: A

 

質問 60
When adding or rejoining a member to a search head cluster, the following error is displayed:
Error pulling configurations from the search head cluster captain; consider performing a destructive configuration resync on this search head cluster member.
What corrective action should be taken?

• A. Run the splunk resync shcluster-replicated-config command on this member.
• B. Run the clean raft command on all members of the search head cluster.
• C. Restart the search head.
• D. Run the splunk apply shcluster-bundle command from the deployer.

正解: A

解説:
Explanation
https://community.splunk.com/t5/Deployment-Architecture/How-to-resolve-error-quot-Error-pulling-configurati

 

質問 61
In the deployment planning process, when should a person identify who gets to see network data?

• A. Topology diagramming
• B. Deployment schedule
• C. Data source inventory
• D. Data policy definition

正解: C

解説:
Explanation/Reference:

 

質問 62
Because Splunk indexing is read/write intensive, it is important to select the appropriate disk storage solution for each deployment. Which of the following statements is accurate about disk storage?

• A. Virtualized environments are usually preferred over bare metal for Splunk indexers.
• B. The recommended RAID setup is RAID 10 (1 + 0).
• C. Enable NFS for storing hot and warm buckets.
• D. High performance SAN should never be used.

正解: B

解説:
Explanation/Reference: https://www.splunk.com/pdfs/technical-briefs/splunk-deploying-vmware-tech-brief.pdf

 

質問 63
Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?

• A. Setting the cluster replication factor to N-1.
• B. Setting the cluster search factor to N-1.
• C. Increasing the number of buckets per index.
• D. Decreasing the data model acceleration range.

正解: A

 

質問 64
Which of the following can a Splunk diag contain?

• A. Splunk platform configuration details, Splunk users and their roles, current open connections, index listings
• B. KV store listings, internal Splunk log files, search peer bundles listings, indexed data
• C. Search history, Splunk users and their roles, running processes, indexed data
• D. Server specs, current open connections, internal Splunk log files, index listings

正解: D

 

質問 65
Which of the following is a best practice to maximize indexing performance?

• A. Not use pre-trained source types.
• B. Use the Splunk default settings.
• C. Minimize configuration generality.
• D. Use automatic sourcetyping.

正解: C

 

質問 66
What does the deployer do in a Search Head Cluster (SHC)? (Select all that apply.)

• A. Distributes non-search related and manual configuration file changes.
• B. Distributes runtime knowledge object changes made by users across the SHC.
• C. Distributes apps to SHC members.
• D. Bootstraps a clean Splunk install for a SHC.

正解: C

解説:
Explanation/Reference: https://docs.splunk.com/Documentation/Splunk/7.3.2/DistSearch/SHCdeploymentoverview

 

質問 67
Splunk configuration parameter settings can differ between multiple .conf files of the same name contained within different apps. Which of the following directories has the highest precedence?

• A. App local directories, in ASCII order.
• B. System default directory.
• C. App default directories, in ASCII order.
• D. System local directory.

正解: D

 

質問 68
......

更新されたのはSplunk SPLK-2002問題集PDFオンラインエンジン：https://www.jpntest.com/shiken/SPLK-2002-mondaishu