SPLK-3003 Exam QuestionsBrowse all questions from this exam

SPLK-3003 Exam - Question 53

A customer has a network device that transmits logs directly with UDP or TCP over SSL. Using PS best practices, which ingestion method should be used?

Open a TCP port with SSL on a heavy forwarder to parse and transmit the data to the indexing tier.

Open a UDP port on a universal forwarder to parse and transmit the data to the indexing tier.

Use a syslog server to aggregate the data to files and use a heavy forwarder to read and transmit the data to the indexing tier.

Use a syslog server to aggregate the data to files and use a universal forwarder to read and transmit the data to the indexing tier.

Show Answer

Correct Answer: AD

The customer needs a method to transmit logs securely using UDP or TCP over SSL. To follow best practices, a heavy forwarder would be most effective as it has the capability to handle SSL encryption and parse data efficiently. Opening a TCP port with SSL on a heavy forwarder ensures that the logs are securely transmitted and properly parsed before being sent to the indexing tier. Using a heavy forwarder in this context is more secure and efficient compared to other methods that may not handle SSL or parsing as effectively.

Discussion

3 comments

RedtonyeahOption: D

May 23, 2022

D is the correct

Steve2610

Oct 24, 2022

Page 51

Steve2610

Oct 24, 2022

D is the answer

hpbdcbOption: D

Feb 1, 2024

best practice is D