Examice

Exam SPLK-3003 All QuestionsBrowse all questions from this exam

Question 63

A customer has three users and is planning to ingest 250GB of data per day. They are concerned with search uptime, can tolerate up to a two-hour downtime for the search tier, and want advice on single search head versus a search head cluster. (SHC).

Which recommendation is the most appropriate?

The customer should deploy two active search heads behind a load balancer to support HA.

The customer should deploy a SHC with a single member for HA; more members can be added later.

The customer should deploy a SHC, because it will be required to support the high volume of data.

The customer should deploy a single search head with a warm standby search head and an rsync process to synchronize configurations.

Correct Answer: D

The customer should deploy a single search head with a warm standby search head and an rsync process to synchronize configurations. This setup provides adequate high availability (HA) for the search tier considering their tolerance for up to a two-hour downtime. Given that the customer plans to ingest 250GB of data per day and only has three users, the increased complexity and overhead of a search head cluster (SHC) would be unnecessary. This approach also allows for a mechanism to quickly restore search functionality without needing the complexity of a SHC.

Discussion

BamBamMantellOption: B

B - Single Member Search head cluster - no HA required at this time, data volumes less than 300Gb, so only single node needed, but it gives an upgrade path. https://docs.splunk.com/Documentation/Splunk/9.0.1/DistSearch/DeploysinglememberSHC

pepeperezOption: D

I would say D, B and C dont make sense and A is nonsense to have a load balancer to 2 different SHs

noyshererOption: D

The answer is D https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Summaryofperformancerecommendations

splunkingyetiOption: B

They don't need a full SHC for 3 users, so C is not correct.

jugulinhoOption: C

I think C