Splunk Enterprise Certified Architect — Question 81
A customer has a Splunk Enterprise deployment and wants to collect data from universal forwarders. What is the best step to secure log traffic?
Answer options
- A. Create signed SSL certificates and use them to encrypt data between the search heads and indexers.
- B. Use the Splunk-provided SSL certificates to encrypt data between the forwarders and indexers.
- C. Ensure all forwarded traffic is routed through a web application firewall (WAF).
- D. Create signed SSL certificates and use them to encrypt data between the forwarders and indexers.
Correct answer: D
Explanation
The correct answer is D: creating signed SSL certificates and using them to encrypt data between the forwarders and indexers secures the log traffic on the path it actually travels. Option A is incorrect because it secures traffic between search heads and indexers rather than traffic from the forwarders. Option B relies on the default Splunk-provided certificates, which may not provide the same level of security as custom signed certificates. Option C does not directly secure the log traffic itself.