Splunk SPLK-3001 Quiz 2 Topic 4 Questions 6-10

Question: 1

Which component normalizes events?

ASA-CIM.

BSA-Notable.

CES application.

DTechnology add-on.

Show Answer

Question: 2

Which component normalizes events?

ASA-CIM.

BSA-Notable.

CES application.

DTechnology add-on.

Show Answer

Question: 3

When using distributed configLradon management to create the spiunk_TA_Forindexers package, vrfilch three files can be included?

Aeventtypes.conf, indexes.conf, tags.conf

Bindexes.conf, props.conf, transforms.conf

Cinputs.conf, props.conf, transforms.conf

Dweb.conf, props.conf, transforms.conf

Show Answer

Question: 4

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance. What is the best practice for installing ES?

AInstall ES on the existing search head.

BAdd a new search head and install ES on it.

CIncrease the number of CPUs and amount of memory on the search head, then install ES.

DDelete the non-CIM-compliant apps from the search head, then install ES.

Show Answer

Question: 5

Which settings indicated that the correlation search will be executed as new events are indexed?

AAlways-On

BReal-Time

CScheduled

DContinuous

Show Answer

Splunk SPLK-3001 Quiz:2 Topic:4 Questions:6-10