Splunk Enterprise Security Certified Analyst — Question 54
What is the default push mode for a search head cluster deployer app configuration bundle?
Answer options
- A. full
- B. merge_to_default
- C. default_only
- D. local_only
Correct answer: B
Explanation
The correct answer is B, as 'merge_to_default' is the default push mode for a search head cluster deployer app configuration bundle, allowing the configurations to be integrated with existing settings. The other options, such as 'full', 'default_only', and 'local_only', do not reflect the standard behavior for app deployments in this context.