nerdexam
Splunk

SPLK-1003 · Question #195

Which scenario is applicable given the stanzas in authentication.conf below?

The correct answer is B. If Splunk cannot connect to the multifactor authentication provider, authentications will be. The scenario described corresponds to 'fail open' behavior, controlled by the 'failOpen = true' setting in authentication.conf. When this is set, if Splunk cannot reach the multifactor authentication provider (e.g., Duo Security is unreachable), login attempts will succeed anyway

Users and Roles

Question

Which scenario is applicable given the stanzas in authentication.conf below?

Exhibit

SPLK-1003 question #195 exhibit

Options

  • AMultifactor authentication is required to log into the host operating system.
  • BIf Splunk cannot connect to the multifactor authentication provider, authentications will be
  • CIf Splunk cannot connect to the multifactor authentication provider, all logins will be denied.
  • DThe secretKey does not need to be protected since multifactor authentication is turned on.

How the community answered

(18 responses)
  • A
    6% (1)
  • B
    89% (16)
  • D
    6% (1)

Explanation

The scenario described corresponds to 'fail open' behavior, controlled by the 'failOpen = true' setting in authentication.conf. When this is set, if Splunk cannot reach the multifactor authentication provider (e.g., Duo Security is unreachable), login attempts will succeed anyway rather than being blocked. This is a deliberate availability-over-security trade-off. Answer C (all logins denied) describes fail-closed behavior (failOpen = false). Answers A and D are unrelated: MFA in authentication.conf applies to Splunk logins, not OS logins, and secretKey must always be protected regardless of MFA status.

Topics

#Multifactor Authentication (MFA)#authentication.conf#Security Configuration#Authentication Failure Handling

Community Discussion

No community discussion yet for this question.

Full SPLK-1003 Practice