ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
How can the DECIDED process be restarted?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
Which of the following can be configured in the ROI Settings?
What are the components of the I2A2 design methodology?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
What is the default embedded search engine used by SOAR?
After a playbook has run, where are the results stored?
Which is the primary system requirement that should be increased with heavy usage of the file vault?
What values can be applied when creating Custom CEF field?

Question 7 - SPLK-2003 discussion

Report
Export

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

A.
Use the py-postgresq1 module to directly save the data in the Postgres database.
Answers
A.
Use the py-postgresq1 module to directly save the data in the Postgres database.
B.
Cal the child playbooks getter function.
Answers
B.
Cal the child playbooks getter function.
C.
Create artifacts using one playbook and collect those artifacts in another playbook.
Answers
C.
Create artifacts using one playbook and collect those artifacts in another playbook.
D.
Use the Handle method to pass data directly between playbooks.
Answers
D.
Use the Handle method to pass data directly between playbooks.
Suggested answer: C

Explanation:

The correct answer is C because creating artifacts using one playbook and collecting thoseartifacts in another playbook is a best practice for data sharing across playbooks. Artifacts aredata objects that are associated with a container and can be used to store information such asIP addresses, URLs, file hashes, etc. Artifacts can be created using theadd artifactaction in anyplaybook block and can be collected using theget artifactsaction in thefilterblock. Artifacts canalso be used to trigger active playbooks based on their label or type. SeeSplunk SOARDocumentationfor more details.In the context of Splunk SOAR, one of the best practices for data sharing across playbooks is tocreate artifacts in one playbook and use another playbook to collect and utilize those artifacts.Artifacts in Splunk SOAR are structured data related to security incidents (containers) thatplaybooks can act upon. By creating artifacts in one playbook, you can effectively pass data andcontext to subsequent playbooks, allowing for modular, reusable, and interconnected playbookdesigns. This approach promotes efficiency, reduces redundancy, and enhances the playbook'sability to handle complex workflows.

Show Answer
asked 23/09/2024
Lara Umemoto
49 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms