Splunk Enterprise Security Certified Analyst — Question 49

A customer has been using Splunk for one year, utilizing a single/all-in-one instance. This single Splunk server is now struggling to cope with the daily ingest rate.
Also, Splunk has become a vital system in day-to-day operations making high availability a consideration for the Splunk service. The customer is unsure how to design the new environment topology in order to provide this.
Which resource would help the customer gather the requirements for their new architecture?

Answer options

• A. Direct the customer to the docs.splunk.com and tell them that all the information to help them select the right design is documented there.
• B. Ask the customer to engage with the sales team immediately as they probably need a larger license.
• C. Refer the customer to answers.splunk.com as someone else has probably already designed a system that meets their requirements.
• D. Refer the customer to the Splunk Validated Architectures document in order to guide them through which approved architectures could meet their requirements.

Correct answer: D

Explanation

The correct answer is D because the Splunk Validated Architectures document provides structured guidance on approved architectures that can meet the client's requirements for high availability and performance. Options A and C are less effective as they do not offer specific architectural guidance. Option B is irrelevant to the design requirements and focuses only on licensing.