Splunk Enterprise Certified Architect QUESTIONS
AND CORRECT DETAILED ANSWERS (VERIFIED
ANSWERS) |ALREADY GRADED A+||BRAND
NEW!!
Save
Terms in this set (90)
1 A
Which of the following will cause the
greatest reduction in disk size
requirements for a cluster of N
indexers running Splunk Enterprise
Security?
A. Setting the cluster search factor to
N-1.
B. Increasing the number of buckets
per index.
C. Decreasing the data model
acceleration range.
D. Setting the cluster replication
factor to N-1.
,2 A
Stakeholders have identified high
availability for searchable data as
their top priority. Which of the
following best addresses this
requirement?
A. Increasing the search factor in the
cluster.
B. Increasing the replication factor in
the cluster.
C. Increasing the number of search
heads in the cluster.
D. Increasing the number of CPUs on
the indexers in the cluster.
3 Search dashboards in the D
Monitoring Console indicate that the
distributed deployment is
approaching its capacity. Which of
the following options will provide
the most search performance
improvement?
A. Replace the indexer storage to
solid state drives (SSD).
B. Add more search heads and
redistribute users based on the
search type.
C. Look for slow searches and
reschedule them to run during an
off-peak time.
D. Add more search peers and make
sure forwarders distribute data
evenly across all indexers.
,4 B
A Splunk architect has inherited the
Splunk deployment at Buttercup
Games and end users are
complaining that the events are
inconsistently formatted for a web
sourcetype. Further investigation
reveals that not all web logs flow
through the same infrastructure:
some of the data goes through
heavy forwarders and some of the
forwarders are managed by another
department. Which of the following
items might be the cause for this
issue?
A. The search head may have
different configurations than the
indexers.
B. The data inputs are not properly
configured across all the forwarders.
C. The indexers may have different
configurations than the heavy
forwarders.
D. The forwarders managed by the
other department are an older
version than the rest.
, 5 A customer has installed a 500GB D
Enterprise license. They also
purchased and installed a 300GB, no
enforcement license on the same
license master. How much data can
the customer ingest before search is
locked out?
A. 300GB. After this limit, search is
locked out.
B. 500GB. After this limit, search is
locked out.
C. 800GB. After this limit, search is
locked out.
D. Search is not locked out.
Violations are still recorded.
6 What does the deployer do in a A/C
Search Head Cluster (SHC)? (Select
all that apply.)
A. Distributes apps to SHC members.
B. Bootstraps a clean Splunk install
for a SHC.
C. Distributes non-search related
and manual configuration file
changes.
D. Distributes runtime knowledge
object changes made by users
across the SHC.
AND CORRECT DETAILED ANSWERS (VERIFIED
ANSWERS) |ALREADY GRADED A+||BRAND
NEW!!
Save
Terms in this set (90)
1 A
Which of the following will cause the
greatest reduction in disk size
requirements for a cluster of N
indexers running Splunk Enterprise
Security?
A. Setting the cluster search factor to
N-1.
B. Increasing the number of buckets
per index.
C. Decreasing the data model
acceleration range.
D. Setting the cluster replication
factor to N-1.
,2 A
Stakeholders have identified high
availability for searchable data as
their top priority. Which of the
following best addresses this
requirement?
A. Increasing the search factor in the
cluster.
B. Increasing the replication factor in
the cluster.
C. Increasing the number of search
heads in the cluster.
D. Increasing the number of CPUs on
the indexers in the cluster.
3 Search dashboards in the D
Monitoring Console indicate that the
distributed deployment is
approaching its capacity. Which of
the following options will provide
the most search performance
improvement?
A. Replace the indexer storage to
solid state drives (SSD).
B. Add more search heads and
redistribute users based on the
search type.
C. Look for slow searches and
reschedule them to run during an
off-peak time.
D. Add more search peers and make
sure forwarders distribute data
evenly across all indexers.
,4 B
A Splunk architect has inherited the
Splunk deployment at Buttercup
Games and end users are
complaining that the events are
inconsistently formatted for a web
sourcetype. Further investigation
reveals that not all web logs flow
through the same infrastructure:
some of the data goes through
heavy forwarders and some of the
forwarders are managed by another
department. Which of the following
items might be the cause for this
issue?
A. The search head may have
different configurations than the
indexers.
B. The data inputs are not properly
configured across all the forwarders.
C. The indexers may have different
configurations than the heavy
forwarders.
D. The forwarders managed by the
other department are an older
version than the rest.
, 5 A customer has installed a 500GB D
Enterprise license. They also
purchased and installed a 300GB, no
enforcement license on the same
license master. How much data can
the customer ingest before search is
locked out?
A. 300GB. After this limit, search is
locked out.
B. 500GB. After this limit, search is
locked out.
C. 800GB. After this limit, search is
locked out.
D. Search is not locked out.
Violations are still recorded.
6 What does the deployer do in a A/C
Search Head Cluster (SHC)? (Select
all that apply.)
A. Distributes apps to SHC members.
B. Bootstraps a clean Splunk install
for a SHC.
C. Distributes non-search related
and manual configuration file
changes.
D. Distributes runtime knowledge
object changes made by users
across the SHC.
