Splunk Enterprise Security Certified Analyst — Question 83

The universal forwarder (UF) should be used whenever possible, as it is smaller and more efficient. In which of the following scenarios would a heavy forwarder
(HF) be a more appropriate choice?

Answer options

• A. When a predictable version of Python is required.
• B. When filtering 10%""15% of incoming events.
• C. When monitoring a log file.
• D. When running a script.

Correct answer: A

Explanation

The correct answer is A because a heavy forwarder can manage a specific version of Python, which is essential for compatibility in certain environments. Options B, C, and D do not specifically require the additional capabilities of a heavy forwarder, as these tasks can typically be handled by a universal forwarder.