SPLK-2002 Exam Questions

Total 90 Questions

Last Updated Exam : 16-Dec-2024

Which of the following should be included in a deployment plan?


A.

Business continuity and disaster recovery plans.


B.

Current logging details and data source inventory.


C.

Current and future topology diagrams of the IT environment.


D.

A comprehensive list of stakeholders, either direct or indirect





D.
  

A comprehensive list of stakeholders, either direct or indirect



Which of the following is a good practice for a search head cluster deployer?


A.

The deployer only distributes configurations to search head cluster members when they “phone home”.


B.

The deployer must be used to distribute non-replicable configurations to search head cluster members.


C.

The deployer must distribute configurations to search head cluster members to be valid configurations.


D.

The deployer only distributes configurations to search head cluster members with splunk apply
shcluster-bundle.





A.
  

The deployer only distributes configurations to search head cluster members when they “phone home”.



A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?


A.

Configure syslog to send the data to multiple Splunk indexers.


B.

Use a Splunk indexer to collect a network input on port 514 directly.


C.

Use a Splunk forwarder to collect the input on port 514 and forward the data.


D.

Configure syslog to write logs and use a Splunk forwarder to collect the logs.





D.
  

Configure syslog to write logs and use a Splunk forwarder to collect the logs.



In the deployment planning process, when should a person identify who gets to see network data?


A.

Deployment schedule


B.

Topology diagramming


C.

Data source inventory


D.

Data policy definition





C.
  

Data source inventory



To reduce the captain's work load in a search head cluster, what setting will prevent scheduled searches from running on the captain?


A.

adhoc_searchhead = true (on all members)


B.

adhoc_searchhead = true (on the current captain)


C.

captain_is_adhoc_searchhead = true (on all members)


D.

captain_is_adhoc_searchhead = true (on the current captain)





D.
  

captain_is_adhoc_searchhead = true (on the current captain)



Configurations from the deployer are merged into which location on the search head cluster member?


A.

SPLUNK_HOME/etc/system/local


B.

SPLUNK_HOME/etc/apps/APP_HOME/local


C.

SPLUNK_HOME/etc/apps/search/default


D.

SPLUNK_HOME/etc/apps/APP_HOME/default





A.
  

SPLUNK_HOME/etc/system/local



Which index-time props.conf attributes impact indexing performance? (Select all that apply.)


A.

REPORT


B.

LINE_BREAKER


C.

ANNOTATE_PUNCT


D.

SHOULD_LINEMERGE





B.
  

LINE_BREAKER



D.
  

SHOULD_LINEMERGE



Which Splunk Enterprise offering has its own license?


A.

Splunk Cloud Forwarder


B.

Splunk Heavy Forwarder


C.

Splunk Universal Forwarder


D.

Splunk Forwarder Management





C.
  

Splunk Universal Forwarder



Which of the following commands is used to clear the KV store?


A.

splunk clean kvstore


B.

splunk clear kvstore


C.

splunk delete kvstore


D.

splunk reinitialize kvstore





A.
  

splunk clean kvstore



Which search will show all deployment client messages from the client (UF)?


A.

index=_audit component=DC* host=<ds> | stats count by message


B.

index=_audit component=DC* host=<uf> | stats count by message


C.

index=_internal component= DC* host=<uf> | stats count by message


D.

index=_internal component=DS* host=<ds> | stats count by message





C.
  

index=_internal component= DC* host=<uf> | stats count by message




Splunk SPLK-2002 Exam Details


Exam Code: SPLK-2002
Exam Name: Splunk Enterprise Certified Architect Exam
Certification Name: Splunk Enterprise Certified Architect Certification
Certification Provider: Splunk
Exam Questions: 85
Type of Questions: MCQs
Exam Time: 90 minutes
Passing Score: 70%
Exam Price: $130
Prerequisites: Splunk Core Certified Power User and Splunk Enterprise Certified Admin Certification