ExamGecko
Search Search Login
Home Home / Splunk / SPLK-1003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309 Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Which is a valid stanza for a network input?
In a customer managed Splunk Enterprise environment, what is the endpoint URI used to collect data?
Consider the following stanza in inputs.conf: What will the value of the source filed be for events generated by this scripts input?
What are the minimum required settings when creating a network input in Splunk?
Local user accounts created in Splunk store passwords in which file?
Which Splunk component(s) would break a stream of syslog inputs into individual events? (select all that apply)
Running this search in a distributed environment: On what Splunk component does the eval command get executed?
User role inheritance allows what to be inherited from the parent role? (select all that apply)
Which of the following Splunk components require a separate installation package?

Question 183 - SPLK-1003 discussion

Report
Export

Which scenario is applicable given the stanzas in authentication.conf below?

[authentication]

externalTwoFactorAuthVendor = Duo

externalTwoFactorAuthSettings = duoMFA

[duoMFA]

integrationKey = aGFwcHliaXJ0aGRheU1pZGR5

secretKey = YXVzdHJhaWxpYW5Gb3JHcmVw

applicationKey = c3BsaW5raW5ndGhlcGx1bWJ1c3NpbmN1OTU

apiHostname = 466993018.duosecurity.com

failOpen = True

timeout = 60

A.
If Splunk cannot connect to the multifactor authentication provider, all logins will be denied.
Answers
A.
If Splunk cannot connect to the multifactor authentication provider, all logins will be denied.
B.
Multifactor authentication is required to log into the host operating system.
Answers
B.
Multifactor authentication is required to log into the host operating system.
C.
The secretKey does not need to be protected since multifactor authentication is turned on.
Answers
C.
The secretKey does not need to be protected since multifactor authentication is turned on.
D.
If Splunk cannot connect to the multifactor authentication provider, authentications will be successful without completing a multifactor challenge.
Answers
D.
If Splunk cannot connect to the multifactor authentication provider, authentications will be successful without completing a multifactor challenge.
Suggested answer: D

Explanation:

The failOpen setting in the [duoMFA] stanza determines how Splunk software handles authentication requests when it cannot connect to the Duo Security service. If failOpen is set to True, as in this example, Splunk software allows users to log in without completing a multifactor challenge. If failOpen is set to False, Splunk software denies all logins when it cannot connect to Duo Security. This setting is independent of the authentication type or the secretKey protection.References=Connect to Duo Security for multifactor authentication

Show Answer
asked 23/09/2024
francesca parisi
25 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms