Which command is used for thawing the archive bucket?

A.

Splunk collect

B.

Splunk convert

C.

Splunk rebuild

D.

Splunk dbinspect

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?

A.

Data encryption between Splunk Web and splunkd.

B.

Certificate authentication between forwarders and indexers.

C.

Certificate authentication between Splunk Web and search head.

D.

Data encryption for distributed search between search heads and indexers

Because Splunk indexing is read/write intensive, it is important to select the appropriate disk storage solution for each deployment. Which of the following statements is accurate about disk storage?

A.

High performance SAN should never be used.

B.

Enable NFS for storing hot and warm buckets.

C.

The recommended RAID setup is RAID 10 (1 + 0).

D.

Virtualized environments are usually preferred over bare metal for Splunk indexers.

A search head has successfully joined a single site indexer cluster. Which command is used to configure the same search head to join another indexer cluster?

A.

splunk add cluster-config

B.

splunk add cluster-master

C.

splunk edit cluster-config

D.

splunk edit cluster-master

Which search head cluster component is responsible for pushing knowledge bundles to search peers,
replicating configuration changes to search head cluster members, and scheduling jobs across the search head
cluster?

A.

Master

B.

Captain

C.

Deployer

D.

Deployment server

Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the
_introspection index. Which of the following logs are included in this index? (Select all that apply.)

A.

audit.log

B.

metrics.log

C.

disk_objects.log

D.

resource_usage.log

Which of the following statements describe a Search Head Cluster (SHC) captain? (Select all that apply.)

A.

Is the job scheduler for the entire SHC.

B.

Manages alert action suppressions (throttling).

C.

Synchronizes the member list with the KV store primary.

D.

Replicates the SHC's knowledge bundle to the search peers.

In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?

A.

Input

B.

Search

C.

Parsing

D.

Indexing

The guidance Splunk gives for estimating size on for syslog data is 50% of original data size. How does this divide between files in the index?

A.

rawdata is: 10%, tsidx is: 40%

B.

rawdata is: 15%, tsidx is: 35%

C.

rawdata is: 35%, tsidx is: 15%

D.

rawdata is: 40%, tsidx is: 10%

How does IT Service Intelligence (ITSI) impact the planning of a Splunk deployment?

A.

ITSI requires a dedicated deployment server.

B.

The amount of users using ITSI will not impact performance.

C.

ITSI in a Splunk deployment does not require additional hardware resources.

D.

Depending on the Key Performance Indicators that are being tracked, additional infrastructure may be
needed.