Splunk SPLK-2002 Practice Test - Questions Answers, Page 12

List of questions
Question 111

Why should intermediate forwarders be avoided when possible?
Question 112

A Splunk deployment is being architected and the customer will be using Splunk Enterprise Security (ES) and Splunk IT Service Intelligence (ITSI). Through data onboarding and sizing, it is determined that over 200 discrete KPIs will be tracked by ITSI and 1TB of data per day by ES. What topology ensures a scalable and performant deployment?
Question 113

How can internal logging levels in a Splunk environment be changed to troubleshoot an issue? (select all that apply)
Question 114

Other than high availability, which of the following is a benefit of search head clustering?
Question 115

By default, what happens to configurations in the local folder of each Splunk app when it is deployed to a search head cluster?
Question 116

A Splunk environment collecting 10 TB of data per day has 50 indexers and 5 search heads. A single-site indexer cluster will be implemented. Which of the following is a best practice for added data resiliency?
Question 117

Which Splunk log file would be the least helpful in troubleshooting a crash?
Question 118

Which of the following use cases would be made possible by multi-site clustering? (select all that apply)
Question 119

Which of the following would be the least helpful in troubleshooting contents of Splunk configuration files?
Question 120

What is the expected minimum amount of storage required for data across an indexer cluster with the following input and parameters?
* Raw data = 15 GB per day
* Index files = 35 GB per day
* Replication Factor (RF) = 2
* Search Factor (SF) = 2
Question