FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 5: Splunk Enterprise Security Certified Admin

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 31

Multiple Choice

Review LaterAdd Note

Review Later

In a distributed environment, knowledge object bundles are replicated from the search head to which location on the search peer(s) ?

A) SPLUNK_HOME/var/lib/searchpeers
B) SPLUNK_HOME/var/log/searchpeers
C) SPLUNK_HOME/var/run/searchpeers
D) SPLUNK_HOME/var/spool/searchpeers

Correct Answer

verified

Show Answer

Question 32

Multiple Choice

Review LaterAdd Note

Review Later

Which of the following clarification steps should be taken if apps are not appearing on a deployment client? (Select all that apply.)

A) Check serverclass.conf of the deployment server. Check serverclass.conf of the deployment server.
B) Check deploymentclient.conf of the deployment client. deploymentclient.conf of the deployment client.
C) Check the content of SPLUNK_HOME/etc/apps of the deployment server. Check the content of SPLUNK_HOME/etc/apps
D) Search for relevant events in splunkd.log of the deployment server. Search for relevant events in splunkd.log

Correct Answer

verified

Show Answer

Question 33

Multiple Choice

Review LaterAdd Note

Which of the following statements describe search head clustering? (Select all that apply.)

In which phase of the Splunk Enterprise data pipeline are indexed extraction configurations processed?

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default) ?

How does the average run time of all searches relate to the available CPU cores on the indexers?

When using the props.conf LINE_BREAKER attribute to delimit multi-line events, the SHOULD_LINEMERGE attribute should be set to what?

Splunk Enterprise platform instrumentation refers to data that the Splunk Enterprise deployment logs in the _introspection index. Which of the following logs are included in this index? (Select all that apply.)

Which of the following statements describe a Search Head Cluster (SHC) captain? (Select all that apply.)

Which search head cluster component is responsible for pushing knowledge bundles to search peers, replicating configuration changes to search head cluster members, and scheduling jobs across the search head cluster?

Because Splunk indexing is read/write intensive, it is important to select the appropriate disk storage solution for each deployment. Which of the following statements is accurate about disk storage?

Which Splunk internal index contains license-related events?

What does the deployer do in a Search Head Cluster (SHC) ? (Select all that apply.)

What is the minimum reference server specification for a Splunk indexer?

Which two sections can be expanded using the Search Job Inspector?

To activate replication for an index in an indexer cluster, what attribute must be configured in indexes.conf on all peer nodes?

A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf: [clustering] mode = master replication_factor = 2 pass4SymmKey = password123 Which of the following statements describe this Splunk instance? (Select all that apply.)

What is the logical first step when starting a deployment plan?

Which of the following are true statements about Splunk indexer clustering?

In a four site indexer cluster, which configuration stores two searchable copies at the origin site, one searchable copy at site2, and a total of four searchable copies?