Splunk Enterprise Certified Admin — Question 19
A fellow Splunk administrator is reviewing an app that has been downloaded from Splunkbase and deployed in an organization. The admin has e-mailed the following configuration snippet with a brief note that says `fix the permissions`.
In what configuration file should the snippet be placed?
```
[]
access = read : [ * ], write : [ admin ]
export = system
```
(Assume that $APP_HOME refers to the path where the app is installed, e.g. $SPLUNK_HOME/etc/apps/<app name>)
Answer options
- A. $APP_HOME/default/app.conf
- B. $APP_HOME/local/default.meta
- C. $APP_HOME/metadata/local.meta
- D. $SPLUNK_HOME/etc/system/local/server.conf
Correct answer: D
Explanation
The correct answer is D because server.conf is the appropriate file for defining permissions at the system level. Options A, B, and C are not suitable for permission configurations as they pertain to app settings and metadata, which do not handle access control in the same way.