SPLK-1003 · Question #195
Which scenario is applicable given the stanzas in authentication.conf below?
The correct answer is B. If Splunk cannot connect to the multifactor authentication provider, authentications will be. The scenario described corresponds to 'fail open' behavior, controlled by the 'failOpen = true' setting in authentication.conf. When this is set, if Splunk cannot reach the multifactor authentication provider (e.g., Duo Security is unreachable), login attempts will succeed anyway
Question
Which scenario is applicable given the stanzas in authentication.conf below?
Exhibit
Options
- AMultifactor authentication is required to log into the host operating system.
- BIf Splunk cannot connect to the multifactor authentication provider, authentications will be
- CIf Splunk cannot connect to the multifactor authentication provider, all logins will be denied.
- DThe secretKey does not need to be protected since multifactor authentication is turned on.
How the community answered
(18 responses)- A6% (1)
- B89% (16)
- D6% (1)
Explanation
The scenario described corresponds to 'fail open' behavior, controlled by the 'failOpen = true' setting in authentication.conf. When this is set, if Splunk cannot reach the multifactor authentication provider (e.g., Duo Security is unreachable), login attempts will succeed anyway rather than being blocked. This is a deliberate availability-over-security trade-off. Answer C (all logins denied) describes fail-closed behavior (failOpen = false). Answers A and D are unrelated: MFA in authentication.conf applies to Splunk logins, not OS logins, and secretKey must always be protected regardless of MFA status.
Topics
Community Discussion
No community discussion yet for this question.
