
SPLK-2002 Exam - Question 49


A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf:

[clustering]
mode = master
replication_factor = 2
pass4SymmKey = password123

Which of the following statements describe this Splunk instance? (Select all that apply.)

Correct Answer: BCD

This Splunk instance is configured as the master node of a cluster with a replication factor of 2. No search factor is specified, so Splunk uses its default search factor of 2. The instance needs to be restarted because pass4SymmKey is stored in plaintext in the configuration file; on restart, Splunk encrypts the value in server.conf so the key no longer sits in the file in cleartext.
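
One way to check for the condition the explanation describes, as an added example that is not part of the original page or Splunk's own tooling: a small Python scan that reports pass4SymmKey settings in a server.conf still stored in plaintext. It assumes values Splunk has already encrypted start with `$1$` or `$7$`; the function name and the sample file contents are constructed for illustration.

```python
import re

# Assumption of this example: values Splunk has already encrypted with
# splunk.secret carry one of these prefixes; anything else is plaintext.
ENCRYPTED_PREFIXES = ("$1$", "$7$")

# Constructed sample: the [clustering] stanza from the question plus a
# [general] stanza holding a placeholder that only mimics an encrypted value.
SAMPLE_CONF = """\
# constructed sample, not a real deployment
[general]
pass4SymmKey = $7$CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CIPHERTEXT

[clustering]
mode = master
replication_factor = 2
pass4SymmKey = password123
"""


def find_plaintext_secrets(conf_text, keys=("pass4SymmKey",)):
    """Return (line_no, stanza, key) for every listed key still in plaintext.

    The secret value itself is never returned, so the report can be logged.
    """
    stanza = "default"  # settings placed before any [stanza] header
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            stanza = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key = value line
        key, value = key.strip(), value.strip()
        if key in keys and value and not value.startswith(ENCRYPTED_PREFIXES):
            findings.append((line_no, stanza, key))
    return findings


if __name__ == "__main__":
    for line_no, stanza, key in find_plaintext_secrets(SAMPLE_CONF):
        print(f"line {line_no}: [{stanza}] {key} is plaintext; restart to encrypt")
```
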

Discussion

16 comments
sadhka
Sep 11, 2020

Answer is B and C

[Removed]
Mar 21, 2021

Why C? Why do we need to restart the server?

khart
Apr 6, 2021

Perhaps because the password is in "raw" format, if the instance was restarted, the password will be a hash value...

sadhka
Options: BD
Sep 11, 2020

This instance is a master, so master uri is not required. Search factor is not set, so it will take the default value, which is 2.

SasnycoN
Options: BC
Feb 15, 2022

B and C

deepali_2710
Apr 27, 2023

The answer is B&C. Cluster pdf page no:30 (configuring Splunk master node)

manu78
Options: BC
Mar 24, 2021

B and C

HIMMVOV6
Options: BC
Sep 27, 2021

BC 100% Sure

IGoddard90
Options: BC
Feb 8, 2022

Answer is B and C. https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/Transfercaptain#Transfer_captaincy

AB_12
Apr 8, 2021

B is wrong because search factor is not necessarily replication factor

DeyanVV
May 4, 2021

If you don't specify a search factor or replication factor, the defaults are used. They are:
Replication factor - 3
Search factor - 2
In this example, you will have a RF=2 and a SF=2

AnaBee
Options: BC
Dec 27, 2021

pg 193/Cluster & https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/Transfercaptain#Transfer_captaincy

Yanch1
Options: AD
Dec 13, 2022

B is not true, SF can be defined somewhere else

qtygbapjpesdayazko
Options: CD
Jun 7, 2023

In Splunk 9:
[clustering]
mode = manager
replication_factor = 2
pass4SymmKey = Hashed_Secret

qtygbapjpesdayazko
Jun 7, 2023

can not edit... is BC!

srek3502
Options: BC
Oct 2, 2023

Splunk Cluster Admin pdf => pg 30
Splunk defaults to replication_factor = 3, search_factor = 2
https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/Aboutsecuringclusters
When you edit the server.conf file to specify or change a pass4SymmKey, the Splunk platform encrypts the key in the server.conf file after you restart. Remember your key in plaintext, as it is very difficult to recover the key if you forget it.
Correct Answer: B & C

DilsheerAlip
Jan 3, 2024

We can decrypt pass4symm key using "Splunk show-decrypted-pass4symmkey"

DilsheerAlip
Dec 29, 2023

[license] masterUri=<ip> is required, right?

Untaked
Options: BC
Jan 25, 2024

B/C, since master_uri is deprecated; the correct attribute should be 'manager_uri'

bobixaka
Options: BC
Jan 30, 2024

According to this documentation:
https://docs.splunk.com/Documentation/Splunk/9.1.2/Indexer/Thesearchfactor
And also this one:
https://docs.splunk.com/Documentation/Splunk/9.1.3/Admin/Serverconf
Splunk has a default search_factor = 2. So answer B seems to be also correct. C is correct, because the password is in clear text and it should be encrypted by restarting the instance.

sunil343
Options: AB
May 16, 2024

D cannot be the answer; the master_uri feature is deprecated, use manager_uri instead