Splunk Enterprise Security Certified Analyst — Question 27
Which command is most efficient in finding the pass4SymmKey of an index cluster?
Answer options
- A. find / -name server.conf -print | grep pass4SymKey
- B. $SPLUNK_HOME/bin/splunk search | rest splunk_server=local /servicesNS/-/unhash_app/storage/passwords
- C. $SPLUNK_HOME/bin/splunk btool server list clustering | grep pass4SymmKey
- D. $SPLUNK_HOME/bin/splunk btool clustering list clustering --debug | grep pass4SymmKey
Correct answer: C
Explanation
The correct answer, C, uses the $SPLUNK_HOME/bin/splunk btool command to list the server configuration for the clustering stanza only, so grep can retrieve the pass4SymmKey efficiently. Option A is incorrect because it searches for a configuration file by name without directly accessing the needed key. Options B and D involve more complex commands that do not target the pass4SymmKey as specifically or as efficiently as option C.