SPLK-3003無料問題集「Splunk Core Certified Consultant」

質問 1

Which of the following is the most efficient search?

（A）(index=www) OR (index=sales) | search (index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum (revenue) as total_revenue by session_id | table total_revenue session_id

（B）(index=www status=200 uri=/cart/checkout) OR (index=sales) | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

（C）index=www status=200 uri=/cart/checkout | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

（D）index=www | append [search index = sales] | stats count, sum(revenue) as total_revenue by session_id | table total_revenue session_id

正解：B 解答を投票する

質問 2

Monitoring Console (MC) health check configuration items are stored in which configuration file?

（A）alert_actions.conf

（B）healthcheck.conf

（C）distsearch.conf

（D）checklist.conf

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

An index receives approximately 50GB of data per day per indexer at an even and consistent rate. The customer would like to keep this data searchable for a minimum of 30 days. In addition, they have hourly scheduled searches that process a week's worth of data and are quite sensitive to search performance.
Given ideal conditions (no restarts, nor drops/bursts in data volume), and following PS best practices, which of the following sets of indexes.conf settings can be leveraged to meet the requirements?

（A）maxDataSize, frozenTimePeriodInSecs, maxVolumeDataSizeMB

（B）frozenTimePeriodInSecs, maxWarmDBCount, homePath.maxDataSizeMB, maxHotSpanSecs

（C）frozenTimePeriodInSecs, maxDataSize, maxVolumeDataSizeMB, maxHotBuckets

（D）maxDataSize, maxTotalDataSizeMB, maxHotBuckets, maxGlobalDataSizeMB

正解：C 解答を投票する

質問 4

Report acceleration has been enabled for a specific use case. In which bucket location is the corresponding CSV file located?

（A）homePath, coldPath

（B）thawedPath

（C）tstatsHomePath

（D）summaryHomePath

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

As data enters the indexer, it proceeds through a pipeline where event processing occurs. In which pipeline does line breaking occur?

（A）Indexing

（B）Parsing

（C）Merging

（D）Typing

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A new single-site three indexer cluster is being stood up with replication_factor:2, search_factor:2. At which step would the Indexer Cluster be classed as "˜Indexing Ready' and be able to ingest new data?
Step 1: Install and configure Cluster Master (CM)/Master Node with base clustering stanza settings, restarting CM.
Step 2: Configure a base app in etc/master-apps on the CM to enable a splunktcp input on port
9997 and deploy index creation configurations.
Step 3: Install and configure Indexer 1 so that once restarted, it contacts the CM, download the latest config bundle.
Step 4: Indexer 1 restarts and has successfully joined the cluster.
Step 5: Install and configure Indexer 2 so that once restarted, it contacts the CM, downloads the latest config bundle Step 6: Indexer 2 restarts and has successfully joined the cluster.
Step 7: Install and configure Indexer 3 so that once restarted, it contacts the CM, downloads the latest config bundle.
Step 8: Indexer 3 restarts and has successfully joined the cluster.

（A）Step 8

（B）Step 6

（C）Step 4

（D）Step 2

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A working search head cluster has been set up and used for 6 months with just the native/local Splunk user authentication method. In order to integrate the search heads with an external Active Directory server using LDAP, which of the following statements represents the most appropriate method to deploy the configuration to the servers?

（A）Configure the integration in a base configuration app located in shcluster-apps directory on the search head deployer, then deploy the configuration to the search heads using the splunk apply shcluster-bundle command.

（B）Configure the LDAP integration on one Search Head using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus. The configuration setting will replicate to the other nodes in the search head cluster eliminating the need to do this on the other search heads.

（C）On each search head, login and configure the LDAP integration using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus.

（D）Log onto each search using a command line utility. Modify the authentication.conf and authorize.conf files in a base configuration app to configure the integration.

正解：A 解答を投票する

質問 8

A customer has a Universal Forwarder (UF) with an inputs.conf monitoring its splunkd.log. The data is sent through a heavy forwarder to an indexer.
Where does the Index time parsing occur?

（A）Universal forwarder

（B）Heavy forwarder

（C）Search head

（D）Indexer

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SPLK-3003 無料問題集「Splunk Core Certified Consultant」

弊社を連絡する

関連リンク

トップ試験