SPLK-2003 by Splunk Actual Free Exam Questions And Answers

Question 1

Which of the following will show all artifacts that have the term results in a filePath CEF value?

A. .../rest/artifact?_filter_cef_filePath_icontain=''results''

B. .../result/artifacts/cef/filePath= '%results%''

C. ...rest/artifacts/filePath=''%results%''

D. .../result/artifact?_query_cef_filepath_icontains=''results

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Two action blocks, geolocate_ip_1 and file_reputation_2, are connected to a decision block.
Which of the following is a correct configuration for making a decision on the action results from one of the given blocks?

A. Select parameter set to: file_reputation_2:action_result.data.*.response_code; evaluation option set to: ==; and the Select Value set to: custom_list:Banned Countries.

B. Select parameter set to: geolocate_ip_1:action_result.cef.*.country_iso_code; evaluation option set to: !=; and the Select Value box left empty.

C. Select parameter set to: geolocate_ip_1:action_result.data.*.country_iso_code; evaluation option set to: in; and the Select Value set to: custom_list:Banned Countries.

D. Select parameter set to: file_reputation_2:action_result.cef.*.response_code; evaluation option set to: in; and the Select Value set to: United States.

Discussion 0

Correct Answer: C Vote an answer

Question 3

Why does SOAR use wildcards within artifact data paths?

A. To make decision execution in playbooks run faster.

B. To make data access in playbooks easier.

C. To make playbooks more specific.

D. To make playbooks filter out nulls.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which of the following is a reason to create a new role in SOAR?

A. To define a set of users who have access to a restricted app.

B. To define a set of users who have access to an event's reports.

C. To define a set of users who have access to a sensitive tag.

D. To define a set of users who have access to a special label.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Where can the Splunk App for SOAR Export be downloaded from?

A. SOAR Community and GitHub.

B. Splunkbase and SOAR Community.

C. GitHub and Splunkbase.

D. Splunk Answers and Splunkbase.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

Configuring SOAR search to use an external Splunk server provides which of the following benefits?

A. The ability to ingest Splunk notable events into SOAR.

B. The ability to run more complex reports on SOAR activities.

C. The ability to display results as Splunk dashboards within SOAR.

D. The ability to automate Splunk searches within SOAR.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which of the following queries would return all failed playbook runs from the REST API?

A. https://<PHANTOM_URL>/rest/playbook_run?_filter_status "failed"

B. https://<PHANTOM_URL>/rest/playbook_run?_filter_status failed

C. https://<PHANTOM_URL>/rest/playbook_run?_search_status=failed

D. https://<PHANTOM_URL>/rest/playbook_run?_query_status="failed"

Discussion 0

Correct Answer: D Vote an answer

Splunk Phantom Certified Admin - SPLK-2003 Exam Practice Test

Contact Us

Useful Links

Latest Updated