Examice

Exam SPLK-2002 All QuestionsBrowse all questions from this exam

Go to Exam

Question 49

A Splunk instance has the following settings in SPLUNK_HOME/etc/system/local/server.conf:

[clustering]

mode = master

replication_factor = 2

pass4SymmKey = password123

Which of the following statements describe this Splunk instance? (Select all that apply.)

This is a multi-site cluster.

This cluster's search factor is 2.

This Splunk instance needs to be restarted.

This instance is missing the master_uri attribute.

Correct Answer: B, C

This Splunk instance is set as a master node for a cluster with a replication factor of 2, but there is no search factor specified. In the absence of a specified search factor, Splunk defaults to a search factor of 2. This instance needs to be restarted because the password is specified in plaintext in the configuration file, and Splunk will encrypt the password upon restarting, ensuring the security of the configuration.

Discussion

sadhka

Answer is B and C

[Removed]

why C? Why do we need to restart the server?

khart

Perhaps because the password is in "raw" format, if the instance was restarted, the password will be a hash value...

sadhkaOptions: BD

this instance is a master, so master uri is not required, search factor is not set, so it will take the default value which is 2

deepali_2710

The answer is B&C. Cluster pdf page no:30 (configuring Splunk master node)

SasnycoNOptions: BC

B and C

IGoddard90Options: BC

Answer is B and C. https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/Transfercaptain#Transfer_captaincy

HIMMVOV6Options: BC

BC 100% Sure

manu78Options: BC

B and C

sunil343Options: AB

D Cannot be the answer master_uri feature is deprecated instead use manager_uri

bobixakaOptions: BC

According to this documentation: https://docs.splunk.com/Documentation/Splunk/9.1.2/Indexer/Thesearchfactor And also this one: https://docs.splunk.com/Documentation/Splunk/9.1.3/Admin/Serverconf splunk has a default search_factor = 2 So answer B seems to be also correct. C is correct, because the password is in clear text and it should be encrypted by restarting the instance.

UntakedOptions: BC

B/C since master_uri is deprecated correct attribute should be 'manager_uri'

DilsheerAlip

[license] masterUri=<ip> is required right ?.

srek3502Options: BC

Splunk Cluster Admin pdf => pg 30 Splunk defaults to replication_factor = 3 search_factor = 2 https://docs.splunk.com/Documentation/Splunk/9.1.1/Security/Aboutsecuringclusters When you edit the server.conf file to specify or change a pass4SymmKey, the Splunk platform encrypts the key in the server.conf file after you restart. Remember your key in plaintext, as it is very difficult to recover the key if you forget it. Correct Answer: B & C

DilsheerAlip

We can decrypt pass4symm key using "Splunk show-decrypted-pass4symmkey"

qtygbapjpesdayazkoOptions: CD

In Splunk 9 [clustering] mode = manager replication_factor = 2 pass4SymmKey = Hashed_Secret

qtygbapjpesdayazko

can not edit... is BC!

Yanch1Options: AD

B is not true, SF can be defined somewhere else

AnaBeeOptions: BC

pg 193/Cluster & https://docs.splunk.com/Documentation/Splunk/8.2.4/DistSearch/Transfercaptain#Transfer_captaincy

AB_12

B is wrong because search factor is not necessarilly replication factor

DeyanVV

If you don't specify a search factor or replication factor, the defaults are used. They are: Replication factor - 3 Search factor - 2 In this example, you will have a RF=2 and a SF=2