New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Splunk Core Certified Consultant SPLK-3003 Full Course Free

Page: 3 / 3
Total 85 questions

Splunk Core Certified Consultant Questions and Answers

Question 9

A customer has a network device that transmits logs directly with UDP or TCP over SSL. Using PS best practices, which ingestion method should be used?

Options:

A.

Open a TCP port with SSL on a heavy forwarder to parse and transmit the data to the indexing tier.

B.

Open a UDP port on a universal forwarder to parse and transmit the data to the indexing tier.

C.

Use a syslog server to aggregate the data to files and use a heavy forwarder to read and transmit the data to the indexing tier.

D.

Use a syslog server to aggregate the data to files and use a universal forwarder to read and transmit the data to the indexing tier.

Question 10

The customer has an indexer cluster supporting a wide variety of search needs, including scheduled search, data model acceleration, and summary indexing. Here is an excerpt from the cluster mater’s server.conf:

Which strategy represents the minimum and least disruptive change necessary to protect the searchability of the indexer cluster in case of indexer failure?

Options:

A.

Enable maintenance mode on the CM to prevent excessive fix-up and bring the failed indexer back online.

B.

Leave replication_factor=2, increase search_factor=2 and enable summary_replication.

C.

Convert the cluster to multi-site and modify the server.conf to be site_replication_factor=2, site_search_factor=2.

D.

Increase replication_factor=3, search_factor=2 to protect the data, and allow there to always be a searchable copy.

Question 11

Which command is most efficient in finding the pass4SymmKey of an index cluster?

Options:

A.

find / -name server.conf –print | grep pass4SymKey

B.

$SPLUNK_HOME/bin/splunk search | rest splunk_server=local /servicesNS/-/ unhash_app/storage/passwords

C.

$SPLUNK_HOME/bin/splunk btool server list clustering | grep pass4SymmKey

D.

$SPLUNK_HOME/bin/splunk btool clustering list clustering --debug | grep

pass4SymmKey

Question 12

When can the Search Job Inspector be used to debug searches?

Options:

A.

If the search has not expired.

B.

If the search is currently running.

C.

If the search has been queued.

D.

If the search has expired.

Page: 3 / 3
Total 85 questions