Home

Home / Splunk / SPLK-2003

Question list

List of questions

Question 1

(0)

Configuring Phantom search to use an external Splunk server provides which of the following benefits?

Question 2

(0)

Within the 12A2 design methodology, which of the following most accurately describes the last step?

Question 3

(0)

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been mad

Question 4

(0)

An active playbook can be configured to operate on all containers that share which attribute?

Question 5

(0)

Which of the following applies to filter blocks?

Question 6

(0)

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of

Question 7

(0)

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

Question 8

(0)

Which of the following are examples of things commonly done with the Phantom REST APP

Question 9

(0)

Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?

Question 10

(0)

Without customizing container status within Phantom, what are the three types of status for a container?

Open VPLUS File

Convert VPLUS to PDF

Related questions

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

Which of the following can be configured in the ROI Settings?

How can the DECIDED process be restarted?

Which of the following queries would return all artifacts that contain a SHA1 file hash?

What are the components of the I2A2 design methodology?

What is the default embedded search engine used by SOAR?

After a playbook has run, where are the results stored?

Which is the primary system requirement that should be increased with heavy usage of the file vault?

What values can be applied when creating Custom CEF field?

Question 47 - SPLK-2003 discussion

Report

Seventy can be set during ingestion and later changed manually. What other mechanism can change the severity or a container?

A.

Notes

B.

Actions

C.

Service level agreement (SLA) expiration

D.

Playbooks

Show Answer

asked 23/09/2024

Brent Kehoe

34 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first