Practice SPLK-3003 Exam Online

Question 1

A customer has a number of inefficient regex replacement transforms being applied. When under heavy load the indexers are struggling to maintain the expected indexing rate. In a worst case scenario, which queue(s) would be expected to fill up?

A : Typing, merging, parsing, input

B : Parsing

C : Typing

D : Indexing, typing, merging, parsing, input

Answer: B

Question 2

A customer would like to remove the output_file capability from users with the default user role to stop them from filling up the disk on the search head with lookup files. What is the best way to remove this capability from users?

A : Create a new role without the output_file capability that inherits the default user role and assign it to the users.

B : Create a new role with the output_file capability that inherits the default user role and assign it to the users.

C : Edit the default user role and remove the output_file capability.

D : Clone the default user role, remove the output_file capability, and assign it to the users.

Answer: C

Question 3

When setting up a multisite search head and indexer cluster, which nodes are required to declare site membership?

A : Search head cluster members, deployer, indexers, cluster master

B : Search head cluster members, deployment server, deployer, indexers, cluster master

C : All splunk nodes, including forwarders, must declare site membership

D : Search head cluster members, indexers, cluster master

Answer: D

Question 4

A customer has a multisite cluster (two sites, each site in its own data center) and users experiencing a

slow response when searches are run on search heads located in either site. The Search Job Inspector

shows the delay is being caused by search heads on either site waiting for results to be returned by

indexers on the opposing site. The network team has confirmed that there is limited bandwidth available

between the two data centers, which are in different geographic locations.

Which of the following would be the least expensive and easiest way to improve search performance?

A : Configure site_search_factor to ensure a searchable copy exists in the local site for each search head.

B : Move all indexers and search heads in one of the data centers into the same site.

C : Install a network pipe with more bandwidth between the two data centers.

D : Set the site setting on each indexer in the server.conf clustering stanza to be the same for all indexers regardless of site.

Answer: A

Question 5

A customer has the following Splunk instances within their environment: An indexer cluster consisting of a

cluster master/master node and five clustered indexers, two search heads (no search head clustering), a

deployment server, and a license master. The deployment server and license master are running on their

own single-purpose instances. The customer would like to start using the Monitoring Console (MC) to

monitor the whole environment.

On the MC instance, which instances will need to be configured as distributed search peers by specifying

them via the UI using the settings menu?

A : Just the cluster master/master node.

B : Indexers, search heads, deployment server, license master, cluster master/master node.

C : Search heads, deployment server, license master, cluster master/master node

D : Deployment server, license master

Answer: C

Name:	Splunk Core Certified Consultant
Exam Code:	SPLK-3003
Certification:	Splunk Core Certified Consultant
Vendor:	Splunk
Total Questions:	85
Last Updated:	Apr 24, 2024

Splunk SPLK-3003