ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
Which of the following can be configured in the ROI Settings?
How can the DECIDED process be restarted?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
What are the components of the I2A2 design methodology?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
What is the default embedded search engine used by SOAR?
What values can be applied when creating Custom CEF field?
After a playbook has run, where are the results stored?
Which is the primary system requirement that should be increased with heavy usage of the file vault?

Question 67 - SPLK-2003 discussion

Report
Export

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

A.

Make sure the Execute Playbook capability is removed from all roles except admin.

Answers
A.

Make sure the Execute Playbook capability is removed from all roles except admin.

B.

Place restricted playbooks in a second source repository that has restricted access.

Answers
B.

Place restricted playbooks in a second source repository that has restricted access.

C.

Add a filter block to all restricted playbooks that filters for runRole = 'Admin'.

Answers
C.

Add a filter block to all restricted playbooks that filters for runRole = 'Admin'.

D.

Add a tag with restricted access to the restricted playbooks.

Answers
D.

Add a tag with restricted access to the restricted playbooks.

Suggested answer: A

Explanation:

To restrict playbook execution to members of the admin role within Splunk SOAR, the 'Execute Playbook' capability must be managed appropriately. This is done by ensuring that this capability is removed from all other roles except the admin role. Role-based access control (RBAC) in Splunk SOAR allows for granular permissions, which means you can configure which roles have the ability to execute playbooks, and by restricting this capability, you can control which users are able to initiate playbook runs.

Show Answer
asked 13/11/2024
Maxime ESSIS
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms