Splunk Core Certified Advanced Power User — Question 57

How can native authentication be disabled in Splunk?

Answer options

• A. Remove the $SPLUNK_HOME/etc/passwd file
• B. Create an empty $SPLUNK_HOME/etc/passwd file
• C. Set SPLUNK_AUTHENTICATION=false in splunk-launch.conf
• D. Set nativeAuthentication=false in authentication.conf

Correct answer: B

Explanation

The correct answer is B because creating an empty $SPLUNK_HOME/etc/passwd file effectively disables native authentication by removing user credentials. Option A is incorrect as deleting the file is not a supported method for disabling authentication. Options C and D involve configuration changes that do not disable native authentication in the manner specified.