With authentication methods are natively supported within Splunk Enterprise? (Choose all that apply.)
With authentication methods are natively supported within Splunk Enterprise? (Choose all that apply.)
Splunk Enterprise natively supports LDAP (Lightweight Directory Access Protocol) and SAML (Security Assertion Markup Language) as authentication methods. While RADIUS and Duo Multifactor Authentication can be integrated into Splunk, they generally require additional configurations or third-party tools, which means they are not considered natively supported authentication methods.
A B D I think
Answer: ABC https://docs.splunk.com/Documentation/Splunk/8.1.1/Security/SetupuserauthenticationwithSplunk
also reference this: https://docs.splunk.com/Splexicon:Userauthentication
I would go for ABCD. In page 239 of System Admin slide deck, it shows the screenshot for Authentication Methods. Internal - Splunk authentication, always on. External: None/LDAP/SAML. Multifactor Authentication: None/DUO Security / RSA Security Then in the note, it states: Scripted access to PAM, RADIUS or other user account systems are also supported. The unclear thing here is what exactly they mean with "natively"
Correct Answer: A,B & C
ABD - System Admin PDF page 168 (Splunk Authentication Options). Screenshot shows LDAP/SAML/DUO. RADIUS is supported through scripting, but don't think that counts as "natively supported"?
Splunk Authentication Options –Native Splunk accounts –LDAP or AD –SAML –Scripted access to PAM, RADIUS, or other user account systems • Saves the settings in authentication.conf ***ALSO Configuration Duo MFA -----AKA---- DUO MULTIFACTOR AUTHOTICATION
A & B https://docs.splunk.com/Documentation/Splunk/latest/Security/Setupbuilt-inauthentication Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics:
Answer: A and B Supported: Splunk, LDAP, Scripted, SAML and ProxySSO
A. LDAP B. SAML C. RADIUS Splunk Enterprise natively supports LDAP, SAML, and RADIUS authentication methods. Duo Multifactor Authentication is not natively supported, but it can be integrated with Splunk using third-party plugins or custom scripts.
A B D https://docs.splunk.com/Documentation/Splunk/latest/Security/SetupuserauthenticationwithSplunk
ABCD, in the document you referenced it includes "RADIUS":Use scripted authentication to integrate Splunk authentication with an external authentication system, such as Remote Authentication Dial-in User Service (RADIUS) or Pluggable Authentication Module (PAM).
A B and D. RADIUS requires scripting to be implemented, which means it's not "natively" supported by Splunk...
A, B & C The authentication methods natively supported within Splunk Enterprise are: A. LDAP (Lightweight Directory Access Protocol) B. SAML (Security Assertion Markup Language) C. RADIUS (Remote Authentication Dial-In User Service) While Duo Multifactor Authentication can be integrated with Splunk, it is typically done through SAML or another authentication provider and not directly within Splunk Enterprise itself. Therefore, D. Duo Multifactor Authentication is not considered a natively supported authentication method within Splunk.
A & B for sure D - however supported, 2FA is not listed as authentication method. It even says: Multifactor Authentication Not available with external authentication such as SAML.
Only AB
I am still not sure because i see this: The Splunk platform authenticates users in the following order: https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Setupbuilt-inauthentication 1 - Native Splunk authentication 2 - Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigureSplunkToUsePAMOrRADIUSAuthentication Native Splunk authentication takes precedence over any other type of authentication scheme. When you configure scripted authentication, the Splunk native authentication scheme still processes logins before passing the request onward to the scripted authentication scheme.
ABC - https://docs.splunk.com/Documentation/Splunk/latest/Security/Setupbuilt-inauthentication Set up native Splunk authentication: Native Splunk authentication lets you easily set up users to access Splunk platform resources. Available in both Splunk Cloud Platform and Splunk Enterprise, the native authentication scheme always takes precedence over any external authentication schemes. The Splunk platform authenticates users in the following order: Native Splunk authentication Lightweight Directory Access Protocol (LDAP), Security Assertion Markup Language (SAML), or scripted authentication (if enabled). For more information, see the following topics: Set up user authentication with LDAP Set up user authentication with external systems. Scripted authentication is not available on Splunk Cloud Platform.
A & B are correct as we can see https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/Setupbuilt-inauthentication#:~:text=Available%20in%20both%20Splunk%20Cloud,over%20any%20external%20authentication%20schemes.&text=Lightweight%20Directory%20Access%20Protocol%20(LDAP,scripted%20authentication%20(if%20enabled).