Splunk Enterprise Certified Admin — Question 28
Which of the following are security best practices for Splunk app development? (Select all that apply.)
Answer options
- A. Store passwords in clear text in .conf files.
- B. Implement security in software development lifecycle.
- C. Manually test application with the controls listed in the OWASP Security Testing Guide.
- D. Use a dynamic scanner such as OWASP ZAP to scan web application components for vulnerabilities.
Correct answer: C, D
Explanation
Options C and D are correct because they involve proactive security measures such as manual testing and using dynamic scanning tools to identify vulnerabilities. Option A is incorrect as storing passwords in clear text is a significant security risk, and option B, while important, does not specifically address security practices for Splunk app development.