
SPLK-2003 Questions and Answers

Question # 6

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

A.

Map CIM to CEF fields.

B.

Create a Splunk alert that uses the event_forward.py script to send events to Phantom.

C.

Map CEF to CIM fields.

D.

Create a saved search that generates the JSON for the new container on Phantom.

Question # 7

How is a Django filter query performed?

A.

By adding parameters to the URL similar to the following: phantom/rest/container?_filter_tags__contains="sumo".

B.

phantom/rest/search/app/contains/"sumo"

C.

Browse to the Django Filter Query Editor in the Administration panel.

D.

Install the SOAR Django App first, then configure the search query in the App editor.
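The filter syntax in option A follows Django's ORM lookup convention: a query parameter named `_filter_<field>__<lookup>` whose value is JSON-encoded (so strings carry their own double quotes, integers do not). The helper below, written for this page as an added example rather than code from Splunk or any SOAR app, builds such URLs for any combination of filters and shows the `ph-auth-token` header an automation user would send. The host name and token are placeholders.

```python
import json
from urllib.parse import urlencode, quote
from urllib.request import Request, urlopen


def build_filter_url(base_url, endpoint, filters, page_size=None):
    """Build a SOAR REST URL with Django-style lookups.

    filters is a list of (field, lookup, value) tuples. Each becomes a
    _filter_<field>__<lookup> query parameter; lookup may be None for an
    exact match (_filter_<field>). Values are JSON-encoded, which is why
    strings appear double-quoted (percent-encoded as %22) in the URL and
    integers are bare. Nested CEF fields use the same '__' separator.
    """
    params = []
    for field, lookup, value in filters:
        key = f"_filter_{field}__{lookup}" if lookup else f"_filter_{field}"
        params.append((key, json.dumps(value)))
    if page_size is not None:
        params.append(("page_size", str(page_size)))
    query = urlencode(params, quote_via=quote)
    return f"{base_url.rstrip('/')}/rest/{endpoint}?{query}"


def fetch(url, token, timeout=30):
    """GET the URL as an automation user (ph-auth-token header).

    Not exercised offline. Assumes the SOAR certificate is trusted by the
    caller's CA store; do not disable verification to make this work.
    """
    req = Request(url, headers={"ph-auth-token": token})
    with urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder host; the token would come from Administration > User Management.
    print(build_filter_url("https://soar.example", "container",
                           [("tags", "contains", "sumo")]))
    print(build_filter_url("https://soar.example", "artifact",
                           [("container", None, 42),
                            ("cef__sourceAddress", "startswith", "10.")],
                           page_size=50))
```

The second call shows why the JSON encoding matters: `_filter_container=42` matches an integer foreign key, while `_filter_cef__sourceAddress__startswith=%2210.%22` sends a quoted string. Sending `42` quoted, or `10.` bare, returns an empty result or a 400 rather than an error message that points at the cause.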

Question # 8

When is using decision blocks most useful?

A.

When selecting one (or zero) possible paths in the playbook.

B.

When processing different data in parallel.

C.

When evaluating complex, multi-value results or artifacts.

D.

When modifying downstream data in one or more paths in the playbook.

Question # 9

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment? Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.

A.

On the command line enter: sudo phenv python ibackup.pyc --setup, then sudo phenv python ibackup.pyc --backup.

B.

On the command line enter: sudo phenv python ibackup.pyc --backup --backup-type full, then sudo phenv python ibackup.pyc --setup.

C.

Within the UI: Select from the main menu Administration > System Health > Backup.

D.

Within the UI: Select from the main menu Administration > Product Settings > Backup.

Question # 10

Without customizing container status within SOAR, what are the three types of status for a container?

A.

New, Open, Resolved

B.

Low, Medium, High

C.

New, In Progress, Closed

D.

Low, Medium, Critical

Question # 11

How does a user determine which app actions are available?

A.

Add an action block to a playbook canvas area.

B.

Search the Apps category in the global search field.

C.

From the Apps menu, click the supported actions dropdown for each app.

D.

In the visual playbook editor, click Active and click the Available App Actions dropdown.

Question # 12

What is the default embedded search engine used by SOAR?

A.

Embedded Splunk search engine.

B.

Embedded SOAR search engine.

C.

Embedded Django search engine.

D.

Embedded Elastic search engine.

Question # 13

How can the debug log for a playbook execution be viewed?

A.

On the Investigation page, select Debug Log from the playbook's action menu in the Recent Activity panel.

B.

Click Expand Scope in the debug window.

C.

In Administration > System Health > Playbook Run History, select the playbook execution entry, then select Log.

D.

Open the playbook in the Visual Playbook Editor, and select Debug Logs in Settings.

Question # 14

Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?

A.

SAML3

B.

PIV/CAC

C.

Biometrics

D.

OpenID

Question # 15

The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?

A.

The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

B.

The user configured on the SOAR side with the phantomsearch capability is not enabled on Splunk.

C.

The remote Splunk search head is currently offline.

D.

Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

Question # 16

Configuring SOAR search to use an external Splunk server provides which of the following benefits?

A.

The ability to run more complex reports on SOAR activities.

B.

The ability to ingest Splunk notable events into SOAR.

C.

The ability to automate Splunk searches within SOAR.

D.

The ability to display results as Splunk dashboards within SOAR.

Question # 17

Which of the following actions will store a compressed, secure version of an email attachment with suspected malware for future analysis?

A.

Copy/paste the attachment into a note.

B.

Add a link to the file in a new artifact.

C.

Use the Files tab on the Investigation page to upload the attachment.

D.

Use the Upload action of the Secure Store app to store the file in the database.

Question # 18

Which of the following is an asset ingestion setting in SOAR?

A.

Polling Interval

B.

Tag

C.

File format

D.

Operating system

Question # 19

When working with complex data paths, which operator is used to access a sub-element inside another element?

A.

| (pipe)

B.

* (asterisk)

C.

: (colon)

D.

. (dot)
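A datapath such as artifact:*.cef.sourceAddress combines the two operators that matter in practice: the dot steps into a sub-element, and the asterisk fans out over every item of a list. The resolver below is an added example written for this page, not code from Splunk SOAR; it runs the same walk over a constructed sample shaped like what a playbook sees (a container, its artifacts, and one action result), so the effect of each operator can be checked offline. The sample values and the exact set of root prefixes handled are assumptions for illustration.

```python
# Constructed sample, not real SOAR data: one container with two artifacts
# and a single action result whose data list holds two records.
SAMPLE = {
    "container": {"id": 7, "name": "phish-report", "severity": "high"},
    "artifact": [
        {"id": 11, "cef": {"sourceAddress": "10.1.2.3",
                           "requestURL": "http://a.example/x"}},
        {"id": 12, "cef": {"sourceAddress": "10.9.9.9"}},
    ],
    "action_result": {
        "data": [
            {"domain": "a.example", "ips": ["1.1.1.1", "1.0.0.1"]},
            {"domain": "b.example", "ips": []},
        ],
    },
}


def resolve_datapath(scope, path):
    """Resolve a SOAR-style datapath against scope and return matches as a list.

    Handled here: an optional 'root:' prefix (artifact:, container:,
    action_result:), '.' to step into a sub-element, and '*' to fan out over
    every item of a list. A key that is missing on one branch simply yields
    nothing for that branch instead of raising, which mirrors why a block
    downstream of a bad datapath receives an empty parameter rather than
    failing loudly.
    """
    root, sep, rest = path.partition(":")
    if not sep:                       # no prefix: treat the whole string as a dotted path
        root, rest = None, path
    if root is None:
        current = [scope]
    elif root in scope:
        current = [scope[root]]
    else:
        return []
    for part in rest.split("."):
        nxt = []
        for node in current:
            if part == "*":
                if isinstance(node, list):
                    nxt.extend(node)
            elif isinstance(node, dict) and part in node:
                nxt.append(node[part])
        current = nxt
    return current


if __name__ == "__main__":
    for p in ("container:id",
              "artifact:*.cef.sourceAddress",
              "artifact:*.cef.requestURL",
              "action_result.data.*.domain",
              "action_result.data.*.ips.*"):
        print(f"{p:32} -> {resolve_datapath(SAMPLE, p)}")
```

Note that artifact:*.cef.requestURL returns a single value even though there are two artifacts: the second has no requestURL, so the fan-out silently drops it. When an action block receives fewer inputs than expected, this is the first thing to check in the debug window.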

Question # 20

Which Phantom API command is used to create a custom list?

A.

phantom.add_list()

B.

phantom.create_list()

C.

phantom.include_list()

D.

phantom.new_list()

Question # 21

To limit the impact of custom code on the VPE, where should the custom code be placed?

A.

A custom container or a separate KV store.

B.

A separate code repository.

C.

A custom function block.

D.

A separate container.

Question # 22

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

A.

phantom.debug()

B.

phantom.exception()

C.

phantom.print()

D.

phantom.assert()

Question # 23

An active playbook can be configured to operate on all containers that share which attribute?

A.

Artifact

B.

Label

C.

Tag

D.

Severity

Question # 24

What is the simplest way to pass data between playbooks?

A.

Action results

B.

File system

C.

Artifacts

D.

KV Store

Question # 25

Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?

A.

superuser, administrator

B.

phantomcreate, phantomedit

C.

phantomsearch, phantomdelete

D.

admin,user

Question # 26

Which two playbook blocks can discern which path in the playbook to take next?

A.

Prompt and decision blocks.

B.

Decision and action blocks.

C.

Filter and decision blocks.

D.

Filter and prompt blocks.

Question # 27

When writing a custom function that uses regex to extract the domain name from a URL, a user wants to create a new artifact for the extracted domain. Which of the following Python API calls will create a new artifact?

A.

phantom.new_artifact()

B.

phantom.update()

C.

phantom.create_artifact()

D.

phantom.add_artifact()
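Questions 22 and 27 together describe one small custom function: pull the domain out of a URL with a regex, write progress to the debug window, and add the result to the container as a new artifact. The code below is an added example for this page, not a function shipped with SOAR. It assumes the playbook API surface as the questions describe it (phantom.debug for the debug window, phantom.add_artifact returning a (success, message, artifact_id) tuple, with identifier acting as the dedupe key); the keyword-argument names are taken from the documented signature as best recalled and should be checked against the API reference of the installed version. Outside the playbook runtime the phantom module does not exist, so a constructed stand-in is used to keep the file runnable.

```python
import re

try:
    import phantom.rules as phantom  # importable only inside the SOAR playbook runtime
except ImportError:
    class phantom:  # constructed stand-in so this file runs outside SOAR
        created = []

        @staticmethod
        def debug(message):
            print(f"[debug] {message}")

        @staticmethod
        def add_artifact(container, raw_data, cef_data, label, name, severity,
                         identifier, artifact_type):
            # Mirrors the assumed return shape (success, message, artifact_id).
            phantom.created.append({"container": container, "cef": cef_data,
                                    "label": label, "identifier": identifier})
            return True, "artifact added", len(phantom.created)

# Optional scheme, optional user:pass@, then the host. Port, path and query are
# left behind because the host character class excludes ':' '/' and '?'.
_HOST_RE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9+.-]*://)?(?:[^/@\s]+@)?([A-Za-z0-9.-]+)")


def extract_domain(url):
    """Return the lower-cased host from a URL, or None if nothing host-like is there."""
    m = _HOST_RE.match(url.strip())
    if not m:
        return None
    host = m.group(1).lower().strip(".")
    if "." not in host:          # rejects bare words such as 'mailto' or 'not'
        return None
    return host


def domain_from_url(url=None, container_id=None, **kwargs):
    """Custom function body: extract the domain and add it as a domain artifact.

    Follows the custom-function convention of returning an outputs dict so the
    values can be referenced as datapaths by later blocks.
    """
    outputs = {"domain": None, "artifact_id": None}
    domain = extract_domain(url or "")
    if domain is None:
        phantom.debug(f"no domain found in {url!r}")
        return outputs
    success, message, artifact_id = phantom.add_artifact(
        container=container_id,
        raw_data={"source_url": url},
        cef_data={"destinationDnsDomain": domain},
        label="domain",
        name=f"domain from {url}",
        severity="medium",
        identifier=f"domain:{domain}",   # assumed dedupe key on repeat runs
        artifact_type="domain",
    )
    phantom.debug(f"add_artifact -> {success}: {message}")
    outputs["domain"] = domain
    if success:
        outputs["artifact_id"] = artifact_id
    return outputs


if __name__ == "__main__":
    # Constructed inputs; container 7 is a placeholder id.
    print(domain_from_url(url="https://user:pw@Evil.Example.COM:8443/x?y=1", container_id=7))
    print(domain_from_url(url="not a url!", container_id=7))
```

Two points a practitioner would want from this beyond the question itself. First, the regex deliberately tolerates a missing scheme and a userinfo prefix, because phishing URLs in ticket text often arrive without "http://" and attacker-controlled URLs sometimes carry a decoy "trusted-site.example@" before the real host; both cases resolve to the real host here. Second, returning the outputs dict with artifact_id set to None on failure, rather than raising, keeps a single bad URL from aborting the whole playbook run, which is usually what you want in an enrichment step.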

Question # 28

Which of the following applies to filter blocks?

A.

Can select which blocks have access to container data.

B.

Can select assets by tenant, approver, or app.

C.

Can be used to select data for use by other blocks.

D.

Can select containers by severity or status.
