Below is a comprehensive and scientifically designed SPLK-2002 Study Plan, integrating:

• Pomodoro Technique: Focused 25-minute study sessions followed by short breaks to maintain concentration.

• Forgetting Curve (Ebbinghaus): Strategic spaced repetition and review to maximize long-term retention.

• Structured Objectives: Clear weekly learning goals and daily tasks based on the 20 core exam topics.

Study Structure Overview

Component	Details
Study Technique	Pomodoro (25 min study + 5 min break × 4), 1 long break
Review Strategy	Spaced review on Day 3, 7, 14, 30 based on Forgetting Curve
Weekly Goal	Cover 3–4 knowledge domains with daily deep dives
Weekly Review	End-of-week summary + mock questions (Sat/Sun optional)
Materials Needed	Study notes, Splunk lab/sandbox, access to Splunk Web, official docs

Week 1 - SPLK-2002 Study Plan

Theme: Splunk Architecture and Planning Fundamentals
Study Days: Day 1 to Day 5
Daily Time Commitment: 3 hours (4 Pomodoro sessions per day + review)
Weekly Objective:

• Understand the core architecture and components of Splunk.

• Learn how to assess business requirements and plan index design and system resources accordingly.

• Build the foundation to support advanced topics in later weeks.

Day 1 – Topic: Introduction to Splunk Architecture

Goal: Understand the structure of Splunk’s distributed architecture and each component's role.

Tasks:

1. Read a detailed breakdown of Splunk’s key components: Forwarders, Indexers, Search Heads, Cluster Master, Deployer, License Master.

2. Create a labeled architecture diagram by hand or using a tool (e.g., draw.io).

3. Write a 1–2 sentence explanation of the role of each component in your own words.

4. Research the typical data flow (from data ingestion to search visualization) and sketch a flow chart.

5. Use spaced repetition to create flashcards for each Splunk role.

Expected Output:

• A complete architecture diagram.

• Short notes on each component’s function.

• 8–10 flashcards for review.

Day 2 – Topic: Understanding Project Requirements

Goal: Learn how to gather, document, and analyze project requirements before designing a Splunk deployment.

Tasks:

1. Study common requirement categories: data sources, ingest volume, user roles, use cases.

2. Write a fictional project brief that includes:

   • Three data sources (e.g., firewalls, application logs, cloud logs)

   • Estimated data volume (e.g., 200 GB/day)

   • User types (SOC team, IT operations, compliance officer)

   • Use case types (threat detection, log centralization, audit reporting)

3. List 5 questions you would ask a customer to gather more detailed deployment requirements.

4. Create a checklist to validate that business needs align with deployment goals.

Expected Output:

• One fictional project requirements document.

• One project scoping checklist.

• 5 review questions on requirements analysis.

Day 3 – Topic: Infrastructure Planning – Index Design

Goal: Learn how to structure and manage indexes based on data type, retention, and volume.

Tasks:

1. Review the concept of index buckets (hot, warm, cold, frozen).

2. Practice calculating retention settings using frozenTimePeriodInSecs.

3. Create a table with three sample indexes:

   • Name

   • Sourcetype

   • Retention time

   • Storage path

4. Analyze when and why to split data across multiple indexes.

5. Review how data model acceleration may affect indexing performance.

Expected Output:

• An index planning table with at least three indexes.

• One written paragraph explaining bucket lifecycle.

• Flashcards on bucket types and retention settings.

Day 4 – Topic: Infrastructure Planning – Resource Planning

Goal: Understand how to plan CPU, memory, storage, and network resources for a deployment.

Tasks:

1. Read Splunk guidelines for hardware sizing based on daily ingest.

2. Write down formulas or rules of thumb (e.g., one indexer per 300GB/day, one SH per 10 users).

3. Use your Day 2 scenario to calculate required:

   • Number of indexers

   • Number of search heads

   • Network capacity between forwarders and indexers

   • Storage requirements for hot/warm/cold buckets

4. Compare SSD vs HDD usage for bucket types.

5. Prepare a sample hardware plan with basic specs (CPU, RAM, Disk) per node type.

Expected Output:

• A capacity plan for your fictional deployment.

• A table comparing resource use for different components.

• 10 review flashcards on sizing best practices.

Day 5 – Review and Reinforcement (Spaced Repetition – Day 1 Review)

Goal: Reinforce everything learned in Days 1–4 through review and practical testing.

Tasks:

1. Review and update flashcards made earlier in the week.

2. Attempt at least 10 practice questions (multiple choice or written) covering topics from Days 1–4.

3. Redraw the Splunk architecture diagram from memory, then compare it with the original and correct mistakes.

4. Write a one-page summary:

   • Key architecture takeaways

   • Design considerations

   • Common mistakes to avoid when planning indexes and resources

Expected Output:

• Flashcard accuracy ≥ 80%

• Corrected architecture diagram

• One-page study journal entry (summary + reflection)

Week 2 - SPLK-2002 Study Plan

Theme: Clustering, Forwarding, Performance, and Troubleshooting Fundamentals
Study Days: Day 1 to Day 5
Daily Study Duration: 3 hours/day
Study Method: 4 Pomodoros/day (25 min + 5 min break)
Weekly Objective:

• Understand the structure and function of Splunk clustering systems (Indexer Cluster and SHC).

• Learn how to configure and manage Universal and Heavy Forwarders using the Deployment Server.

• Monitor system performance using native tools and logs.

• Begin practicing structured troubleshooting using built-in Splunk diagnostic tools.

Day 1 – Topic: Clustering Overview

Goal: Understand the architecture and mechanics of Indexer and Search Head clustering in Splunk.

Tasks:

1. Read in-depth about Replication Factor (RF) and Search Factor (SF), and their effect on data availability.

2. Draw diagrams for both Single-site and Multisite Indexer Clusters, labeling key components.

3. Compare roles: Cluster Master (Manager Node), Peer Node, Deployer, Search Head, SHC Captain.

4. Create a configuration snippet example showing RF=3, SF=2 setup.

5. Write a comparison table: single-site vs multisite clustering – features, benefits, limitations.

Expected Output:

• Two diagrams showing cluster architectures.

• One written explanation of RF vs SF behavior.

• Comparison chart with at least 5 differences.

Day 2 – Topic: Forwarder Types and Deployment Best Practices

Goal: Master the differences between UF and HF, and learn how to centrally manage forwarder configuration using a Deployment Server.

Tasks:

1. List all differences between Universal Forwarder (UF) and Heavy Forwarder (HF). Include CPU usage, parsing ability, and use cases.

2. Write sample configuration files for the following:

   • inputs.conf to monitor a log file

   • outputs.conf for load balancing to multiple indexers

   • deploymentclient.conf to connect to Deployment Server

3. Write a serverclass.conf file that targets Linux forwarders only.

4. Diagram the communication between a Deployment Server and 100 UFs.

5. Explain why indexing on an HF may lead to license overuse.

Expected Output:

• A set of 4 complete sample config files.

• One written explanation of UF vs HF.

• One deployment workflow diagram.

Day 3 – Topic: Performance Monitoring and Tuning

Goal: Learn how to monitor Splunk performance (indexing and searching), identify bottlenecks, and apply basic tuning techniques.

Tasks:

1. Use Monitoring Console to explore:

   • Indexing throughput (KB/s)

   • Search concurrency

   • Skipped/long-running searches

2. Read and interpret entries in metrics.log and scheduler.log.

3. Identify signs of blocked queues (e.g., indexQueue, typingQueue) and link them to causes.

4. Create a table: performance metric → problem → solution (e.g., high CPU → inefficient SPL).

5. Write a checklist of best practices for tuning SPL and search performance.

Expected Output:

• Completed table of performance symptom → cause → solution.

• Screenshot or notes from Monitoring Console.

• 5 best-practice tips for search performance.

Day 4 – Topic: Troubleshooting Tools and Diagnostic Methods

Goal: Begin using core Splunk diagnostic tools to troubleshoot configuration and data pipeline issues.

Tasks:

1. Use splunk btool to inspect live config layering (props.conf, transforms.conf) and identify override precedence.

2. Generate a diagnostic bundle using splunk diag. Extract key paths: configs, logs, crash dumps.

3. Explore the REST API to list and check current search jobs:

   • Use /services/search/jobs

   • Get search state, duration, and user

4. Open and analyze a recent search job’s logs in:

   • $SPLUNK_HOME/var/run/splunk/dispatch/<sid>/search.log

5. Create a flowchart: issue symptom → related log → appropriate tool → resolution step.

Expected Output:

• One flowchart of troubleshooting steps.

• CLI output snippets for btool and diag.

• REST API request example and result notes.

Day 5 – Review Day (Spaced Repetition – Days 1–4)

Goal: Reinforce and internalize all knowledge from this week’s study, identify weak points, and correct misunderstandings.

Tasks:

1. Use your flashcards from the week (target: 20+ cards) and test yourself. Track your recall accuracy (aim for ≥ 85%).

2. Redraw the Indexer Cluster and SHC architecture diagrams from memory, then compare with original versions.

3. Attempt 10 multiple-choice or case-based questions based on:

   • Forwarder behavior

   • Cluster mechanics

   • Performance metrics

   • Config files (inputs.conf, outputs.conf, serverclass.conf)

4. Write a one-page weekly summary:

   • 5 key concepts learned

   • 3 tools mastered

   • 2 potential mistakes to avoid

   • 1 most valuable insight from the week

Expected Output:

• Revised and corrected diagrams.

• Practice question answer log.

• A 1-page self-written review summary.

• Updated Anki/flashcards with marked “need review” tags.

Week 3 - SPLK-2002 Study Plan

Theme: Troubleshooting, Configuration Management, and Search Optimization
Study Days: Day 1 to Day 5
Daily Study Duration: 3 hours/day
Study Method: 4 Pomodoros/day (25 min + 5 min break)
Weekly Objective:

• Learn how to clarify and classify problems using a structured approach.

• Troubleshoot license and crash-related issues.

• Understand how Splunk reads and overrides configuration files.

• Detect and resolve search-related problems such as performance, permissions, and errors.

Day 1 – Topic: Clarifying the Problem

Goal: Develop structured diagnostic thinking by learning how to break down, categorize, and trace issues across Splunk components.

Tasks:

1. Read about the four-question model:

   • Who is affected?

   • What is the symptom?

   • When did it start?

   • Where is it happening?

2. Create a diagnostic checklist based on the model.

3. Review and classify these issues into categories:

   • Data Collection

   • Indexing Delay

   • Search Failures

   • Configuration Errors

4. Practice with 2 fictional scenarios. For each, write:

   • Problem summary

   • Clarification steps

   • Likely root cause

5. Build a table: issue type → potential component → likely log source → tool to use.

Expected Output:

• A full diagnostic checklist template.

• Completed case breakdowns.

• A reference mapping table from symptom to investigation path.

Day 2 – Topic: Licensing and Crash Troubleshooting

Goal: Understand how licensing works, what causes violations, and how to troubleshoot Splunk crashes using logs and tools.

Tasks:

1. Study license architecture: License Master, stacking, daily volume tracking.

2. Simulate (on paper or lab) two licensing issues:

   • UF misconfigured to index data

   • HF double-indexing before forwarding

3. Read splunkd.log entries showing licensing violations. Write down message patterns.

4. Explore common crash causes:

   • Memory leaks

   • File descriptor exhaustion

   • Corrupt binaries

5. Practice reading crash logs and explain when you would use:

   • Restart

   • Reinstall

   • --repair_kvstore

Expected Output:

• One simulated license violation scenario documented.

• Chart: problem → log pattern → action.

• Flashcards on license components and crash handling flow.

Day 3 – Topic: Configuration Problems

Goal: Learn how to manage and troubleshoot .conf files using btool and understand Splunk’s configuration precedence model.

Tasks:

1. Review precedence order for configuration files (system/local > app/local > app/default > system/default).

2. Use btool to analyze the active settings in props.conf and inputs.conf.

3. Simulate a conflict: app-level sourcetype setting overrides a global setting. Use btool to trace the source.

4. Write config snippets for:

   • inputs.conf (monitor file)

   • props.conf (set sourcetype)

   • transforms.conf (rename a field)

5. Practice using the splunk reload command (document what configs can be reloaded vs what requires restart).

Expected Output:

• One summary of config precedence.

• At least 3 config snippets tested or written.

• btool command outputs annotated.

Day 4 – Topic: Search Problems and Performance Tuning

Goal: Identify the root causes of search failures and slow performance, and improve SPL quality.

Tasks:

1. Write 3 inefficient search queries and explain why they are problematic (e.g., search *).

2. Rewrite them using indexed fields and better SPL practices.

3. Run a search using Splunk Web and analyze using Job Inspector. Record:

   • Execution phases

   • Duration

   • CPU usage

4. Review search failure types:

   • Permissions denied

   • Missing knowledge objects

   • Long dispatch times

5. Read and analyze search.log, scheduler.log, and dispatch.log from a recent job.

Expected Output:

• 3 improved SPL examples.

• One full Job Inspector report with analysis.

• Summary notes of common search issues and logs involved.

Day 5 – Review Day (Spaced Repetition – Days 1–4)

Goal: Reinforce your understanding of Splunk problem-solving, configurations, and search performance through active recall and problem-based review.

Tasks:

1. Review and update your flashcards (minimum 25) for all topics this week.

2. Answer 10 multiple-choice or scenario-based practice questions. Focus on:

   • Config file precedence

   • Diagnosing license overage

   • Search error causes

3. Redraw the config precedence tree from memory, then compare and correct.

4. Write a 1-page summary:

   • Most common real-world Splunk issues

   • Your personal troubleshooting checklist

   • 3 insights or lessons learned

Expected Output:

• Corrected config tree diagram.

• Practice question results.

• 1-page reflection summary.

Week 4 - SPLK-2002 Study Plan

Theme: Deployment Architecture, Enterprise Scaling, and Site-Aware Indexer Clustering
Study Days: Day 1 to Day 5
Daily Study Duration: 3 hours/day
Study Method: 4 Pomodoros/day (25 min + 5 min break)
Weekly Objective:

• Understand the Splunk Deployment Server and its challenges.

• Design and plan large-scale Splunk environments.

• Compare and implement single-site and multisite indexer clustering.

• Analyze deployment best practices, high availability, and disaster recovery strategies.

Day 1 – Topic: Deployment Problems and Server Design

Goal: Learn how the Deployment Server works and how to troubleshoot configuration distribution failures.

Tasks:

1. Review how the Deployment Server functions: what it manages, how server classes work, and what clients need.

2. Write a valid serverclass.conf file that groups forwarders by OS type and deployment group.

3. Simulate a common problem: forwarders not receiving apps. Write a diagnostic process including log paths and likely causes.

4. Analyze the deploymentserver.log for key phrases like Pushing, Failed, or No matches.

5. Summarize best practices for managing large numbers of forwarders (e.g., app size, serverclass overlap).

Expected Output:

• A working serverclass.conf example.

• Troubleshooting checklist for app deployment failures.

• Summary of DS best practices (at least 5 items).

Day 2 – Topic: Large-scale Deployment Overview

Goal: Build the skills to design and evaluate enterprise-grade Splunk deployments for high volume and user load.

Tasks:

1. Design a fictional deployment for an enterprise ingesting 2 TB/day with 100+ users. Define:

   • Number of indexers

   • Number of SHC members

   • Role separation: Deployer, DS, License Master, Cluster Master

2. Choose a cloud-based or on-prem model, then list benefits and risks.

3. Write a capacity plan: storage tiering (hot/warm → SSD, cold → HDD, frozen → S3).

4. Document your disaster recovery strategy using multisite clustering, or cross-site backups.

5. Summarize the differences between small vs large-scale deployments in table form.

Expected Output:

• Enterprise-scale architecture diagram.

• Capacity plan and DR strategy document.

• Table: small vs large Splunk environment characteristics.

Day 3 – Topic: Single-site Indexer Cluster

Goal: Understand how a single-site indexer cluster operates and when it's appropriate.

Tasks:

1. Redraw a single-site indexer cluster with RF=3, SF=2, and 5 indexers.

2. Simulate an indexer going offline: what happens to RF and SF, and which logs would reflect it?

3. List advantages (simplicity, performance) and limitations (no DR, hardware risk).

4. Review settings in server.conf and indexes.conf that affect cluster setup.

5. Practice interpreting clustermaster.log for bucket fix-ups and replication failures.

Expected Output:

• Labeled single-site cluster diagram.

• One written scenario of failure and recovery response.

• Config snippet with RF/SF definitions.

Day 4 – Topic: Multisite Indexer Cluster

Goal: Learn how to design, configure, and monitor a site-aware, multi-datacenter indexer cluster.

Tasks:

1. Design a multisite cluster with site1 = New York, site2 = London.

2. Write the server.conf portion for both sites including:

   • site=site1

   • site_replication_factor = origin:2, total:3

   • site_search_factor = origin:1, total:2

3. Discuss the impact of latency and bandwidth between sites.

4. Write a procedure for what happens if an entire site goes down (failover, DR mode).

5. Compare RF/SF behavior in single-site vs multisite environments.

Expected Output:

• Two-site configuration sample.

• DR failover plan document.

• Chart comparing single vs multisite behavior.

Day 5 – Review Day (Spaced Review – Days 1–4)

Goal: Reinforce week’s knowledge by recreating designs, answering deployment-focused questions, and reflecting on tradeoffs.

Tasks:

1. Flashcard review: deployment, RF/SF behavior, site config settings. Aim for 85% recall.

2. Rebuild both your single-site and multisite cluster diagrams from memory, then verify for completeness.

3. Complete 10 scenario-based practice questions on:

   • DS failures

   • RF/SF violations

   • DR architecture

4. Write a 1-page technical reflection:

   • How does site awareness change replication behavior?

   • What tradeoffs exist between performance and resilience?

Expected Output:

• Redrawn architecture diagrams with RF/SF paths.

• Deployment question set results.

• Technical summary page with use-case examples.

Week 5 - SPLK-2002 Study Plan

Theme: Indexer and Search Head Cluster Management and Operations
Study Days: Day 1 to Day 5
Daily Study Duration: 3 hours/day
Study Method: 4 Pomodoros/day (25 min + 5 min break)
Weekly Objective:

• Operate and manage an indexer cluster: health checks, bucket replication, RF/SF enforcement.

• Master the Search Head Cluster (SHC): app deployment, captain election, and troubleshooting sync issues.

• Use CLI and log files to monitor cluster health and respond to errors.

Day 1 – Topic: Indexer Cluster Management and Health Monitoring

Goal: Learn how to use the Cluster Master to monitor, manage, and repair an indexer cluster.

Tasks:

1. Review roles in an indexer cluster:

   • Cluster Master (Manager Node)

   • Peer Nodes (Indexers)

2. Run the CLI command:

   • splunk show cluster-status

   • Analyze RF/SF compliance and peer node sync states

3. Open and interpret clustermaster.log:

   • Look for messages about bucket fix-ups, missing peers, or replication delays

4. Simulate a rebalance or manual bucket fix-up procedure: document the command and conditions to use it

5. Write an operational checklist:

   • What to check daily on Cluster Master

   • What logs to check after a peer failure

Expected Output:

• Annotated output from splunk show cluster-status

• One-page checklist for indexer cluster monitoring

• Summary table: common cluster issues and actions

Day 2 – Topic: Search Head Cluster Overview and Component Roles

Goal: Understand the SHC structure, role of each component, and how knowledge objects are synchronized.

Tasks:

1. Draw the Search Head Cluster structure with at least 3 SHC members, 1 Deployer, and 1 Captain

2. Define responsibilities:

   • Deployer: app/config distribution

   • Captain: search scheduling, object replication

   • Cluster members: search execution

3. Study how knowledge objects (saved searches, lookups, macros) are synchronized

4. Learn captain election process: what triggers it, and how quorum is maintained

5. Summarize the differences between SHC and standalone SH from both admin and user perspectives

Expected Output:

• Labeled diagram of SHC

• Table: SHC vs standalone SH

• Written summary of the SHC replication mechanism

Day 3 – Topic: SHC Management – Bundle Deployment and Rolling Restart

Goal: Use the SHC Deployer to safely push apps and configurations to cluster members.

Tasks:

1. Review the folder structure for app deployment:

   • $SPLUNK_HOME/etc/shcluster/apps/

2. Prepare a simple custom app with a saved search and a macro, and place it under the apps folder

3. Run the bundle push command:

   • splunk apply shcluster-bundle -target https://<captain>:8089 -auth admin:password

4. Review the deployment logs: check if the app was distributed successfully

5. Simulate a rolling restart:

   • Define when it is required

   • Write down the proper sequence

Expected Output:

• A successfully deployed test app

• CLI command summary with notes

• Rolling restart procedure document

Day 4 – Topic: SHC Troubleshooting and Sync Issues

Goal: Detect and resolve common synchronization failures in the SHC using logs and cluster status.

Tasks:

1. Use splunk show shcluster-status to check:

   • App replication status

   • Captain identity

   • Member sync state

2. Open and analyze shclustering.log:

   • Look for messages related to failed bundle replication

   • Identify out-of-sync members

3. Write a list of causes for bundle sync failure:

   • Bundle too large

   • Network issues

   • Role mismatch

4. Create a health audit checklist:

   • How to verify app consistency

   • What to check before pushing a bundle

5. Practice correcting an out-of-sync SHC node by restarting and checking logs

Expected Output:

• Annotated shclustering.log snippets

• Health checklist for SHC maintenance

• Summary of sync failure causes and solutions

Day 5 – Review Day (Spaced Review – Days 1–4)

Goal: Consolidate cluster operation knowledge through recall, question-solving, and procedural writing.

Tasks:

1. Flashcard review (20+ cards):

   • Cluster roles

   • CLI commands

   • Sync procedures

   • Log locations

2. Redraw both the Indexer Cluster and Search Head Cluster architectures from memory

3. Answer 10 scenario-based practice questions on:

   • Rebalancing buckets

   • SHC bundle conflicts

   • Peer node failures

4. Write a one-page operational summary for production environment:

   • Daily checks

   • Deployment practices

   • Failure recovery steps

Expected Output:

• Corrected cluster architecture diagrams

• Question results with notes

• One operational summary sheet ("Cluster Management in Production")

Week 6 - SPLK-2002 Study Plan

Theme: KV Store Mastery, Full Review, and Exam Simulation
Study Days: Day 1 to Day 5
Daily Study Duration: 3 hours/day
Study Method: 4 Pomodoros/day (25 min + 5 min break)
Weekly Objective:

• Understand and manage KV Store collections, permissions, and lookups.

• Reinforce knowledge across all 20 core topics using spaced repetition.

• Complete a full-length mock exam and identify remaining weaknesses.

• Finalize all diagrams, notes, and flashcards for long-term retention.

Day 1 – Topic: KV Store Collection and Lookup Management

Goal: Understand how KV Store works, how to define and manage collections, and how it integrates with lookups and apps.

Tasks:

1. Read the structure of a KV Store collection: keys, values, JSON format, schema flexibility.

2. Write a collections.conf file defining a custom collection (e.g., user access table or session tracking).

3. Use the REST API to perform the following (via cURL or Postman):

   • GET records

   • POST new records

   • DELETE entries

4. Simulate exposing a KV Store as a lookup using transforms.conf.

5. Review backup and repair strategies using:

   • kvstore-to-json.py

   • splunkd --repair_kvstore

Expected Output:

• One working collections.conf + test entries

• REST API command set with result snapshots

• Summary notes: permissions, use cases, maintenance routines

Day 2 – Topic: Review of Core Topics (Days 1–10)

Goal: Review and reinforce learning from the first two weeks: architecture, planning, clustering, and deployment.

Tasks:

1. Flashcard review (at least 40 cards) from Week 1 and 2:

   • Splunk architecture

   • Index design

   • Resource sizing

   • Forwarders

   • Clustering logic

2. Reconstruct key diagrams from memory:

   • Full Splunk deployment map

   • Forwarder to Indexer to SH data flow

   • RF/SF behavior example

3. Do 10 practice questions based on:

   • Index lifecycle

   • Deployment best practices

   • Monitoring Console analysis

4. Write a study sheet summarizing:

   • 5 Splunk components

   • 3 types of clusters

   • 3 common misconfigurations and their fix

Expected Output:

• Rewritten architecture diagrams

• Practice question answers and reflection

• Personal summary sheet (Week 1–2)

Day 3 – Topic: Review of Advanced Topics (Days 11–20)

Goal: Reinforce learning from Weeks 3 and 4: troubleshooting, configuration, search, licensing, and multisite design.

Tasks:

1. Review flashcards (40+) from Week 3 and 4:

   • Licensing

   • Crash handling

   • Configuration precedence

   • Search issues

   • Multisite cluster config

2. Do 10 scenario-based practice questions:

   • Troubleshooting flow

   • btool and diag usage

   • Site replication failure

3. Review key logs and their use:

   • splunkd.log

   • scheduler.log

   • clustermaster.log

4. Redraw a multisite cluster config (with RF/SF and site awareness). Explain in writing how failover works.

Expected Output:

• Flashcard quiz result log

• Practice question notes

• Written failover procedure for multisite

Day 4 – Topic: Mock Exam and Knowledge Gap Diagnosis

Goal: Simulate the actual exam environment, identify weak areas, and plan targeted final revision.

Tasks:

1. Complete a full-length mock exam (60–75 minutes, 50 questions). Use a quiet environment and no references.

2. Score your result. Target: 85%+

3. Analyze all missed or uncertain questions:

   • Identify which topic each belongs to

   • Write a note summarizing what was wrong and how to fix it

4. Rank topics by confidence (High / Medium / Low)

5. Create a mini study plan for any "Low Confidence" topics on Day 5

Expected Output:

• Mock exam result and reflection

• Missed question log

• Confidence heat map by topic

Day 5 – Topic: Final Consolidation and Teaching Review

Goal: Complete the final round of active recall and reinforce memory through summarization and teaching-style review.

Tasks:

1. Write a two-line summary of each of the 20 core topics

2. Prepare and “teach” one topic out loud (or record it) — pretend you're teaching someone else

3. Review top 10 most difficult flashcards from the entire course

4. Revisit your deployment and cluster diagrams, ensure you can annotate them from memory

5. Write your own “cheat sheet” — 2–3 pages max, including:

   • Key commands

   • File paths

   • Logs

   • Conf file functions

   • Deployment checklists

Expected Output:

• 20 concise topic summaries

• Final flashcard round (100% accuracy goal)

• A personal cheat sheet for last-minute exam review