ExamGecko
Search Search Login
Home Home / Splunk / SPLK-2003
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following can be configured in the ROI Settings?
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?
How can the DECIDED process be restarted?
Which of the following queries would return all artifacts that contain a SHA1 file hash?
What are the components of the I2A2 design methodology?
What is the default embedded search engine used by SOAR?
After a playbook has run, where are the results stored?
Which is the primary system requirement that should be increased with heavy usage of the file vault?
What values can be applied when creating Custom CEF field?

Question 26 - SPLK-2003 discussion

Report
Export

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?

A.
Null IP addresses
Answers
A.
Null IP addresses
B.
Non-null IP addresses
Answers
B.
Non-null IP addresses
C.
Non-null destinationAddresses
Answers
C.
Non-null destinationAddresses
D.
Null values
Answers
D.
Null values
Suggested answer: B

Explanation:

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- ,would permit only non-null IP addresses to pass forward to the next block. The !- operatormeans ''is not null''. The other options are not valid because they either include null values orother fields than sourceAddress. SeeFilter blockfor more details. A filter block in Splunk SOARthat is configured with the condition artifact.*.cef.sourceAddress != (assuming the intentionwas to use '!=' to denote 'not equal to') is designed to allow data that has non-nullsourceAddress values to pass through to subsequent blocks. This means that any artifact datawithin the container that includes a sourceAddress field with a defined value (i.e., an actual IPaddress) will be permitted to move forward in the playbook. The filter effectively screens outany artifacts that do not have a source address specified, focusing the playbook's actions onthose artifacts that contain valid IP address information in the sourceAddress field.

Show Answer
asked 23/09/2024
Paolo D Amelio
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms