Splunk Enterprise Security Certified Admin — Question 4

ES needs to be installed on a search head with which of the following options?

Answer options

• A. No other apps.
• B. Any other apps installed.
• C. All apps removed except for TA-*.
• D. Only default built-in and CIM-compliant apps.

Correct answer: D

Explanation

The correct answer is D because ES requires a clean environment with only default built-in and CIM-compliant apps to function correctly. Options A and C are incorrect as they either restrict necessary apps or don't meet the requirements. Option B is incorrect because having any other apps could lead to compatibility issues.