Examice

Exam SPLK-3001 All QuestionsBrowse all questions from this exam

Question 38

A site has a single existing search head which hosts a mix of both CIM and non-CIM compliant applications. All of the applications are mission-critical. The customer wants to carefully control cost, but wants good ES performance.

What is the best practice for installing ES?

Install ES on the existing search head.

Add a new search head and install ES on it.

Increase the number of CPUs and amount of memory on the search head, then install ES.

Delete the non-CIM-compliant apps from the search head, then install ES.

Correct Answer: B

Installing ES (Enterprise Security) on a dedicated search head is a best practice. This separation ensures that the critical applications on the existing search head will not be affected by the resource-intensive processes associated with ES. By adding a new search head and installing ES on it, you ensure good performance of ES without compromising the existing, mission-critical applications. Additionally, a separate search head can be optimized specifically for ES, leading to better overall performance and manageability.

Discussion

asashimaOption: B

B is correct Administering Splunk Enterprise Security 6.6.pdf 324P

SoccerfanOption: B

B. Read page 12 of the SVA. https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf

andy73Option: C

C is correct