Splunk Enterprise Certified Architect v1.0

Page:    1 / 6   
Exam contains 97 questions
Expand All

Which command will permanently decommission a peer node operating in an indexer cluster?

  • A. splunk stop -f
  • B. splunk offline -f
  • C. splunk offline --enforce-counts
  • D. splunk decommission --enforce counts


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Takeapeeroffline

Which CLI command converts a Splunk instance to a license slave?

  • A. splunk add licenses
  • B. splunk list licenser-slaves
  • C. splunk edit licenser-localslave
  • D. splunk list licenser-localslave


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/LicenserCLIcommands

Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the _introspection index. Which of the following logs are included in this index? (Select all that apply.)

  • A. audit.log
  • B. metrics.log
  • C. disk_objects.log
  • D. resource_usage.log


Answer : CD

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Troubleshooting/Abouttheplatforminstrumentationframework

Which of the following can a Splunk diag contain?

  • A. Search history, Splunk users and their roles, running processes, indexed data
  • B. Server specs, current open connections, internal Splunk log files, index listings
  • C. KV store listings, internal Splunk log files, search peer bundles listings, indexed data
  • D. Splunk platform configuration details, Splunk users and their roles, current open connections, index listings


Answer : B

Reference:
https://splunkonbigdata.com/2018/10/01/splunk-diag/

Which of the following are true statements about Splunk indexer clustering?

  • A. All peer nodes must run exactly the same Splunk version.
  • B. The master node must run the same or a later Splunk version than search heads.
  • C. The peer nodes must run the same or a later Splunk version than the master node.
  • D. The search head must run the same or a later Splunk version than the peer nodes.


Answer : B

Reference:
https://answers.splunk.com/answers/760348/search-head-version-compatibility.html

A customer plans to ingest 600 GB of data per day into Splunk. They will have six concurrent users, and they also want high data availability and high search performance. The customer is concerned about cost and wants to spend the minimum amount on the hardware for Splunk. How many indexers are recommended for this deployment?

  • A. Two indexers not in a cluster, assuming users run many long searches.
  • B. Three indexers not in a cluster, assuming a long data retention period.
  • C. Two indexers clustered, assuming high availability is the greatest priority.
  • D. Two indexers clustered, assuming a high volume of saved/scheduled searches.


Answer : D

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Capacity/Summaryofperformancerecommendations

To reduce the captain's work load in a search head cluster, what setting will prevent scheduled searches from running on the captain?

  • A. adhoc_searchhead = true (on all members)
  • B. adhoc_searchhead = true (on the current captain)
  • C. captain_is_adhoc_searchhead = true (on all members)
  • D. captain_is_adhoc_searchhead = true (on the current captain)


Answer : D

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/DistSearch/Adhocclustermember

At which default interval does metrics.log generate a periodic report regarding license utilization?

  • A. 10 seconds
  • B. 30 seconds
  • C. 60 seconds
  • D. 300 seconds


Answer : B

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Troubleshooting/Aboutmetricslog

Which of the following is a good practice for a search head cluster deployer?

  • A. The deployer only distributes configurations to search head cluster members when they "phone home".
  • B. The deployer must be used to distribute non-replicable configurations to search head cluster members.
  • C. The deployer must distribute configurations to search head cluster members to be valid configurations.
  • D. The deployer only distributes configurations to search head cluster members with splunk apply shcluster-bundle.


Answer : A

A new Splunk customer is using syslog to collect data from their network devices on port 514. What is the best practice for ingesting this data into Splunk?

  • A. Configure syslog to send the data to multiple Splunk indexers.
  • B. Use a Splunk indexer to collect a network input on port 514 directly.
  • C. Use a Splunk forwarder to collect the input on port 514 and forward the data.
  • D. Configure syslog to write logs and use a Splunk forwarder to collect the logs.


Answer : D

Reference:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/Data/Monitornetworkports

Which Splunk internal index contains license-related events?

  • A. _audit
  • B. _license
  • C. _internal
  • D. _introspection


Answer : C

Reference:
https://answers.splunk.com/answers/579494/how-to-display-license-consumed-by-an-index-over-2.html

Which of the following statements describe a Search Head Cluster (SHC) captain? (Select all that apply.)

  • A. Is the job scheduler for the entire SHC.
  • B. Manages alert action suppressions (throttling).
  • C. Synchronizes the member list with the KV store primary.
  • D. Replicates the SHC's knowledge bundle to the search peers.


Answer : AD

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/DistSearch/SHCarchitecture#role_of_the_captain

Before users can use a KV store, an admin must create a collection. Where is a collection is defined?

  • A. kvstore.conf
  • B. collection.conf
  • C. collections.conf
  • D. kvcollections.conf


Answer : C

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Knowledge/DefineaKVStorelookupinSplunkWeb

Which search will show all deployment client messages from the client (UF)?

  • A. index=_audit component=DC* host=<ds> | stats count by message
  • B. index=_audit component=DC* host=<uf> | stats count by message
  • C. index=_internal component= DC* host=<uf> | stats count by message
  • D. index=_internal component=DS* host=<ds> | stats count by message


Answer : C

To optimize the distribution of primary buckets; when does primary rebalancing automatically occur? (Select all that apply.)

  • A. Rolling restart completes.
  • B. Master node rejoins the cluster.
  • C. Captain joins or rejoins cluster.
  • D. A peer node joins or rejoins the cluster.


Answer : ABD

Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Rebalancethecluster

Page:    1 / 6   
Exam contains 97 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy