Splunk SPLK-2003 Exam Practice Test Instant Access

Question 1

How does a user determine which app actions are available?

AAdd an action block to a playbook canvas area.

BSearch the Apps category in the global search field.

CFrom the Apps menu, click the supported actions dropdown for each app.

DIn the visual playbook editor, click Active and click the Available App Actions dropdown.

Answer : B

Question 2

Which is the primary system requirement that should be increased with heavy usage of the file vault?

AAmount of memory.

BNumber of processors.

CAmount of storage.

DBandwidth of network.

Answer : C

Question 3

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

AMap CIM to CEF fields.

BCreate a Splunk alert that uses the event_forward.py script to send events to Phantom.

CMap CEF to CIM fields.

DCreate a saved search that generates the JSON for the new container on Phantom.

Answer : C

Question 4

What is the main purpose of using a customized workbook?

AWorkbooks automatically implement a customized processing of events using Python code.

BWorkbooks guide user activity and coordination during event analysis and case operations.

CWorkbooks apply service level agreements (SLAs) to containers and monitor completion status on the ROI dashboard.

DWorkbooks may not be customized; only default workbooks are permitted within Phantom.

Answer : D

Question 5

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?

AUse the contextual menu from the artifact and select run playbook.

BUse the run playbook dialog and set the scope to the artifact.

CCreate a new container including Just the artifact in question.

DUse the contextual menu from the artifact and select the actions.

Answer : C

Question 6

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?

ANull IP addresses

BNon-null IP addresses

CNon-null destinationAddresses

DNull values

Answer : D

Question 7

What is the default embedded search engine used by Phantom?

AEmbedded Splunk search engine.

BEmbedded Phantom search engine.

CEmbedded Elastic search engine.

DEmbedded Django search engine.

Answer : C

Splunk SPLK-2003 Splunk SOAR Certified Automation Developer Exam Practice Test