nerdexam
Splunk

SPLK-1003 · Question #29

Local user accounts created in Splunk store passwords in which file?

The correct answer is A. $ SFLUNK_HOME/etc/passwd. Splunk stores locally created user account passwords in $SPLUNK_HOME/etc/passwd. This file holds hashed credentials for all local Splunk user accounts. It is analogous in name to the Unix /etc/passwd file but is specific to Splunk's internal authentication. Options B and D refere

Users and Roles

Question

Local user accounts created in Splunk store passwords in which file?

Options

  • A$ SFLUNK_HOME/etc/passwd
  • B$ SFLUNK_HOME/etc/authentication
  • C$ S?LUNK_HOME/etc/users/passwd.conf
  • D$ SPLUNK HOME/etc/users/authentication.conf

How the community answered

(47 responses)
  • A
    89% (42)
  • B
    2% (1)
  • C
    6% (3)
  • D
    2% (1)

Explanation

Splunk stores locally created user account passwords in $SPLUNK_HOME/etc/passwd. This file holds hashed credentials for all local Splunk user accounts. It is analogous in name to the Unix /etc/passwd file but is specific to Splunk's internal authentication. Options B and D reference files with 'authentication' in the path, which are not where password hashes are stored. Option C incorrectly specifies a per-user subdirectory path ($SPLUNK_HOME/etc/users/passwd.conf) - Splunk does use the etc/users/ directory for user-specific preference files, but passwords are stored in the top-level etc/passwd file, not within a per-user folder.

Topics

#User Management#Local Accounts#File System#Security

Community Discussion

No community discussion yet for this question.

Full SPLK-1003 Practice