Which configuration file and stanza pair will mask possible SSNs in the log events?

SPLK-1003 0 Comments

Social Security Numbers (PII) data is found in log events, which is against company policy. SSN format is as follows: 123-44-5678.

Which configuration file and stanza pair will mask possible SSNs in the log events?
A . props.conf [mask-SSN]
REX = (?ms)^(.)<[SSN>d{3}-?d{2}-?(d{4}.*)$" FORMAT = $1<SSN>###-##-$2
KEY = _raw
B . props.conf
[mask-SSN]
REGEX = (?ms)^(.)<[SSN>d{3}-?d{2}-?(d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
DEST_KEY = _raw
C . transforms.conf [mask-SSN]
REX = (?ms)^(.)<[SSN>d{3}-?d{2}-?(d{4}.*)$" FORMAT = $1<SSN>###-##-$2 DEST_KEY = _raw
D . transforms.conf
[mask-SSN]
REGEX = (?ms)^(.)<[SSN>d{3}-?d{2}-?(d{4}.*)$"
FORMAT = $1<SSN>###-##-$2
DEST_KEY = _raw

Answer: D

Explanation:

because transforms.conf is the right configuration file to state the regex expression. https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/Transformsconf

Reference: https://community.splunk.com/t5/Archive/How-to-mask-SSN-into-our-logs-going-into-Splunk/tdp/433035

Latest SPLK-1003 Dumps Valid Version with 119 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SPLK-1003 PDF     SPLK-1003 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments