The master node distributes configuration bundles to peer nodes. Which directory peer nodes receive the bundles?

• A.apps
• B.deployment-apps
• C.slave-apps
• D.master-apps

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements describe licensing in a clustered Splunk deployment? (Select all that apply.)

• A.Each cluster member requires its own clustering license.
• B.Cluster members must share the same license pool and license master.
• C.Free licenses do not support clustering.
• D.Replicated data does not count against licensing.

Comment: *

Name: *

Email: *

Verification: *

Other than high availability, which of the following is a benefit of search head clustering?

• A.Allows indexers to maintain multiple searchable copies of all data.
• B.Input settings are synchronized between search heads.
• C.Fewer network ports are required to be opened between search heads.
• D.Automatic replication of user knowledge objects.

Comment: *

Name: *

Email: *

Verification: *

Which of the following strongly impacts storage sizing requirements for Enterprise Security?

• A.The number of scheduled (correlation) searches.
• B.The number of Splunk users configured.
• C.The number of source types used in the environment.
• D.The number of Data Models accelerated.

Comment: *

Name: *

Email: *

Verification: *

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)

• A.The field was extracted as a private knowledge object.
• B.The events are tagged as communicate, but are missing the network tag.
• C.The Typing Queue, which does regular expression replacements, is blocked.
• D.The colleague did not explicitly use the field in the search and the search was set to Fast Mode.

Comment: *

Name: *

Email: *

Verification: *