ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following can be configured in the ROI Settings?
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
How can the DECIDED process be restarted?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
What are the components of the I2A2 design methodology?
What is the default embedded search engine used by SOAR?
After a playbook has run, where are the results stored?
Which is the primary system requirement that should be increased with heavy usage of the file vault?
What values can be applied when creating Custom CEF field?

Question 81 - SPLK-2003 discussion

Report
Export

The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?

A.

The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

Answers
A.

The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

B.

The user configured on the SOAR side with Phantomsearch capability is not enabled on Splunk.

Answers
B.

The user configured on the SOAR side with Phantomsearch capability is not enabled on Splunk.

C.

The remote Splunk search head is currently offline.

Answers
C.

The remote Splunk search head is currently offline.

D.

Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

Answers
D.

Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

Suggested answer: B

Explanation:

If, after configuring an external Splunk search head for search in SOAR, the search results do not include content that was previously returned, one possible issue could be that the user account configured on the SOAR side does not have the required permissions (such as the 'phantomsearch' capability) enabled on the Splunk side. This capability is necessary for the SOAR server to execute searches and retrieve results from the Splunk search head.

Show Answer
asked 13/11/2024
RJ MOTAUNG
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms