Splunk Enterprise Certified Architect — Question 54

A new Splunk Enterprise deployment is being architected, and the customer wants to ensure that the data to be indexed is encrypted. Where should TLS be turned on in the Splunk deployment?

Answer options

• A. Indexer cluster peer nodes.
• B. Browser to Splunk Web.
• C. Deployment server to deployment clients.
• D. Splunk forwarders to indexers.

Correct answer: D

Explanation

The correct answer is D because enabling TLS between Splunk forwarders and indexers ensures that data is encrypted during transmission. Options A, B, and C do not directly secure the data being sent to the indexers, thus they do not meet the customer's requirement for data encryption.