Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

A customer has a network device that transmits logs directly with UDP or TCP over SSL. Using PS best practices, which ingestion method should be used?

A.

Open a TCP port with SSL on a heavy forwarder to parse and transmit the data to the indexing tier.

B.

Open a UDP port on a universal forwarder to parse and transmit the data to the indexing tier.

C.

Use a syslog server to aggregate the data to files and use a heavy forwarder to read and transmit the data to the indexing tier.

D.

Use a syslog server to aggregate the data to files and use a universal forwarder to read and transmit the data to the indexing tier.

Full Access
Question # 5

Consider the scenario where the /var/log directory contains the files secure, messages, cron, audit. A customer has created the following inputs.conf stanzas in the same Splunk app in order to attempt to monitor the files secure and messages:

Which file(s) will actually be actively monitored?

A.

/var/log/secure

B.

/var/log/messages

C.

/var/log/messages, /var/log/cron, /var/log/audit, /var/log/secure

D.

/var/log/secure, /var/log/messages

Full Access
Question # 6

A non-ES customer has a concern about data availability during a disaster recovery event. Which of the following Splunk Validated Architectures (SVAs) would be recommended for that use case?

A.

Topology Category Code: M4

B.

Topology Category Code: M14

C.

Topology Category Code: C13

D.

Topology Category Code: C3

Full Access
Question # 7

Where does the bloomfilter reside?

A.

$SPLUNK_HOME/var/lib/splunk/indexfoo/db/db_1553504858_1553504507_8

B.

$SPLUNK_HOME/var/lib/splunk/indexfoo/db/db_1553504858_1553504507_8/*.tsidx

C.

$SPLUNK_HOME/var/lib/splunk/fishbucket

D.

$SPLUNK_HOME/var/lib/splunk/indexfoo/db/db_1553504858_1553504507_8/rawdata

Full Access
Question # 8

Which command is most efficient in finding the pass4SymmKey of an index cluster?

A.

find / -name server.conf –print | grep pass4SymKey

B.

$SPLUNK_HOME/bin/splunk search | rest splunk_server=local /servicesNS/-/ unhash_app/storage/passwords

C.

$SPLUNK_HOME/bin/splunk btool server list clustering | grep pass4SymmKey

D.

$SPLUNK_HOME/bin/splunk btool clustering list clustering --debug | grep

pass4SymmKey

Full Access
Question # 9

Which of the following is the most efficient search?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 10

What happens when an index cluster peer freezes a bucket?

A.

All indexers with a copy of the bucket will delete it.

B.

The cluster master will ensure another copy of the bucket is made on the other peers to meet the replication settings.

C.

The cluster master will no longer perform fix-up activities for the bucket.

D.

All indexers with a copy of the bucket will immediately roll it to frozen.

Full Access
Question # 11

In an environment that has Indexer Clustering, the Monitoring Console (MC) provides dashboards to monitor environment health. As the environment grows over time and new indexers are added, which steps would ensure the MC is aware of the additional indexers?

A.

No changes are necessary, the Monitoring Console has self-configuration capabilities.

B.

Using the MC setup UI, review and apply the changes.

C.

Remove and re-add the cluster master from the indexer clustering UI page to add new peers, then apply the changes under the MC setup UI.

D.

Each new indexer needs to be added using the distributed search UI, then settings must be saved under the MC setup UI.

Full Access
Question # 12

A customer is using both internal Splunk authentication and LDAP for user management.

If a username exists in both $SPLUNK_HOME/etc/passwd and LDAP, which of the following statements is accurate?

A.

The internal Splunk authentication will take precedence.

B.

Authentication will only succeed if the password is the same in both systems.

C.

The LDAP user account will take precedence.

D.

Splunk will error as it does not support overlapping usernames

Full Access