Consider a company with a Splunk distributed environment in production. The Compliance Department wants to start using Splunk; however, they want to ensure that no one can see their reports or any other knowledge objects. Which Splunk Component can be added to implement this policy for the new team?
To ensure that the Compliance Department's reports and knowledge objects are secure and not visible to others, the company can add a separate Search Head for this team. In a Splunk distributed environment, the Search Head is responsible for managing searches, dashboards, and knowledge objects. By isolating the Compliance Department on a dedicated Search Head, their data and objects can be kept entirely separate from other users.
Search head
I thought it was a dedicated Indexer, but that's incorrect, it's definitely another search head since the key word is dedicated knowledge objects, so its search heads.
D - Search Head ist correct. Sys Admin Slide 199
Search Head
B. The Deployment Server will distribute the configurations to the machines that will prevent access to those reports and Knowledge Objects
D. User authorization All authorization for a distributed search originates from the search head. At the time it sends the search request to its search peers, the search head also distributes the authorization information. It tells the search peers the name of the user running the search, the user's role, and the location of the distributed authorize.conf file containing the authorization information. https://docs.splunk.com/Documentation/Splunk/9.0.3/DistSearch/Knowledgebundlereplication