The correct answer is C. On Deployment Server, $SPLUNK_HOME/etc/deployment-apps.

A deployment server is a Splunk Enterprise instance that acts as a centralized configuration manager for any number of other instances, called “deployment clients”. A deployment client can be a universal forwarder, a non-clustered indexer, or a search head1.

A deployment app is a directory that contains any content that you want to download to a set of deployment clients. The content can include a Splunk Enterprise app, a set of Splunk Enterprise configurations, or other content, such as scripts, images, and supporting files2.

You create a deployment app by creating a directory for it on the deployment server. The default location is $SPLUNK_HOME/etc/deployment-apps, but this is configurable through the repositoryLocation attribute in serverclass.conf. Underneath this location, each app must have its own subdirectory. The name of the subdirectory serves as the app name in the forwarder management interface2.

The other options are incorrect because:

A. On Universal Forwarder, $SPLUNK_HOME/etc/apps. This is the location where the deployment app resides after it is downloaded from the deployment server to the universal forwarder. It is not the location of the app before it is deployed2.

B. On Deployment Server, $SPLUNK_HOME/etc/apps. This is the location where the apps that are specific to the deployment server itself reside. It is not the location where the deployment apps for the clients are stored2.

D. On Universal Forwarder, $SPLUNK_HOME/etc/deployment-apps. This is not a valid location for any app on a universal forwarder. The universal forwarder does not act as a deployment server and does not store deployment apps3.

Splunk REST API is a valid method to create a Splunk user. The Splunk REST API allows administrators to create, edit, and delete users programmatically using HTTP requests. The other options are not valid methods to create a Splunk user. Creating a support ticket does not create a user, but requests assistance from Splunk support. Creating a user on the host operating system does not create a Splunk user, but a system user. Adding the username to users.conf does not create a user, but modifies the configuration file that stores user information. References = Configure users with the CLI, Configure users and roles

https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/ConfigureLDAPwithSplunkWeb

" You can map either users or groups, but not both. If you are using groups, all users must be members of an appropriate group. Groups inherit capabilities form the highest level role they ' re a member of. " " If your LDAP environment does not have group entries, you can treat each user as its own group. "

https://docs.splunk.com/Documentation/Splunk/8.2.2/Admin/Distdeploylicenses#:~:text=License%20requirements,do%20not%20index%20external%20data.

" All Splunk Enterprise instances functioning as management components needs access to an Enterprise license. Management components include the deployment server, the indexer cluster manager node, the search head cluster deployer, and the monitoring console. "

https://docs.splunk.com/Documentation/Splunk/8.2.2/Updating/Aboutdeploymentserver

" The deployment server is the tool for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances. "

https://docs.splunk.com/Documentation/Splunk/9.0.0/DistSearch/Distributedsearchgroups

https://docs.splunk.com/Documentation/Splunk/8.0.3/Data/Monitornetworkports

https://docs.splunk.com/Documentation/Splunk/latest/Data/Whitelistorblacklistspecificincomingdata#Include_or_exclude_specific_incoming_data