Splunk Enterprise Security Certified Analyst — Question 75

The Splunk Validated Architectures (SVAs) document provides a series of approved Splunk topologies. Which statement accurately describes how it should be used by a customer?

Answer options

• A. Customer should look at the category tables, pick the highest number that their budget permits, then select this design topology as the chosen design.
• B. Customers should identify their requirements, provisionally choose an approved design that meets them, then consider design principles and best practices to come to an informed design decision.
• C. Using the guided requirements gathering in the SVAs document, choose a topology that suits requirements, and be sure not to deviate from the specified design.
• D. Choose an SVA topology code that includes Search Head and Indexer Clustering because it offers the highest level of resilience.

Correct answer: B

Explanation

The correct answer is B because it emphasizes the importance of understanding customer requirements and making an informed decision based on design principles. Option A suggests a budget-driven approach that may not consider specific needs, while option C advocates for strict adherence to a design without flexibility. Option D focuses solely on resilience without addressing the overall alignment with customer requirements.