Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?
Which of the following security options must be explicitly configured (i.e. which options are not enabled by default)?
Certificate authentication between forwarders and indexers must be explicitly configured as it is not enabled by default. In contrast, data encryption between Splunk Web and splunkd, certificate authentication between Splunk Web and the search head, and data encryption for distributed search between search heads and indexers have different default states, and the only option here which explicitly requires manual configuration is B.
B and C https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwithSSL
it actually should just be B, Splunk Web to search head is SSL secured by default but forwarder to indexer is NOT by default. The table in the link above shows this.
Answer C is not for the SSL but for the Certificate authentication. Encryption between Splunk Web and SH is enabled by default but NOT the "Certificate Authentication" which is the example in C. In fact there is no single case where the Certificate authentication is enabled by default.
Just FYI - in the real exam, this is not a multiple choice question. Only one answer is accepted.
Answers B and C should be valid both according to : https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwithSSL
This question was a single answer. I think C is correct.
It's written "which options are not enabled by default"
Answers B and C. Data encryption is enabled everywhere by default except from Forwarders to Indexers, between Indexers and from browser to Splunk Web. In the other hand, certificate authentication is never enabled by default anywhere.
B and C
B and C Ref: https://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwithSSL#Methods_to_secure_the_Splunk_platform