Home

Home / Splunk / SPLK-2003

Question list

List of questions

Question 1

(0)

Configuring Phantom search to use an external Splunk server provides which of the following benefits?

Question 2

(0)

Within the 12A2 design methodology, which of the following most accurately describes the last step?

Question 3

(0)

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been mad

Question 4

(0)

An active playbook can be configured to operate on all containers that share which attribute?

Question 5

(0)

Which of the following applies to filter blocks?

Question 6

(0)

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of

Question 7

(0)

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

Question 8

(0)

Which of the following are examples of things commonly done with the Phantom REST APP

Question 9

(0)

Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?

Question 10

(0)

Without customizing container status within Phantom, what are the three types of status for a container?

Open VPLUS File

Convert VPLUS to PDF

Related questions

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

Which of the following can be configured in the ROI Settings?

How can the DECIDED process be restarted?

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

What are the components of the I2A2 design methodology?

Which of the following queries would return all artifacts that contain a SHA1 file hash?

What is the default embedded search engine used by SOAR?

What values can be applied when creating Custom CEF field?

After a playbook has run, where are the results stored?

Which is the primary system requirement that should be increased with heavy usage of the file vault?

Question 62 - SPLK-2003 discussion

Report

Which of the following queries would return all artifacts that contain a SHA1 file hash?

A.

https://<PHANTOM_URL>/rest/artifact?_filter_cef_md5_insull=false

B.

https://<PHANTOM_URL>/rest/artifact?_filter_cef_Shal_contains=''''

C.

https://<PHANTOM_URL>/rest/artifact?_filter_cef_shal_insull=False

D.

https://<PHANTOM_URL>/rest/artifact?_filter_shal__insull=False

Show Answer

asked 13/11/2024

Nabil MHB

44 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first