Splunk Enterprise Certified Architect — Question 6

Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?

Answer options

• A. Data encryption between Splunk Web and splunkd.
• B. Certificate authentication between forwarders and indexers.
• C. Certificate authentication between Splunk Web and search head.
• D. Data encryption for distributed search between search heads and indexers.

Correct answer: B

Explanation

The correct answer is B, as certificate authentication between forwarders and indexers is not enabled by default and requires explicit configuration. Options A, C, and D are typically enabled by default in Splunk, which means they do not need to be manually configured.