Download Splunk.SPLK-2003.VCEplus.2023-05-22.58q.vcex

Download Exam

File Info

Exam Splunk SOAR Certified Automation Developer
Number SPLK-2003
File Name Splunk.SPLK-2003.VCEplus.2023-05-22.58q.vcex
Size 187 KB
Posted May 22, 2023
Download Splunk.SPLK-2003.VCEplus.2023-05-22.58q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

Configuring Phantom search to use an external Splunk server provides which of the following benefits?


  1. The ability to run more complex reports on Phantom activities.
  2. The ability to ingest Splunk notable events into Phantom.
  3. The ability to automate Splunk searches within Phantom.
  4. The ability to display results as Splunk dashboards within Phantom.
Correct answer: C



Question 2

Within the 12A2 design methodology, which of the following most accurately describes the last step?


  1. List of the apps used by the playbook.
  2. List of the actions of the playbook design.
  3. List of the outputs of the playbook design.
  4. List of the data needed to run the playbook.
Correct answer: D



Question 3

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.


  1. On the command line enter: rode sudo python ibackup.pyc --setup, then audo phenv python ibackup.pyc --backup.
  2. On the command line enter: sudo phenv python ibackup.pyc --backup —backup-type full, then sudo phenv python ibackup.pyc --setup.
  3. Within the UI: Select from the main menu Administration > System Health > Backup.
  4. Within the UI: Select from the main menu Administration > Product Settings > Backup.
Correct answer: B



Question 4

An active playbook can be configured to operate on all containers that share which attribute?


  1. Artifact
  2. Label
  3. Tag
  4. Severity
Correct answer: B



Question 5

Which of the following applies to filter blocks?


  1. Can select which blocks have access to container data.
  2. Can select assets by tenant, approver, or app.
  3. Can be used to select data for use by other blocks.
  4. Can select containers by seventy or status.
Correct answer: A



Question 6

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?


  1. Incorrect Join configuration on the second playbook.
  2. The first playbook is performing poorly.
  3. The steep option for the second playbook is not set to a long enough interval.
  4. Synchronous execution has not been configured.
Correct answer: A



Question 7

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?


  1. Use the py-postgresq1 module to directly save the data in the Postgres database.
  2. Cal the child playbooks getter function.
  3. Create artifacts using one playbook and collect those artifacts in another playbook.
  4. Use the Handle method to pass data directly between playbooks.
Correct answer: A
Explanation:



Question 8

Which of the following are examples of things commonly done with the Phantom REST APP


  1. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.
  2. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.
  3. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.
  4. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.
Correct answer: C



Question 9

Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?


  1. SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)
  2. SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)
  3. SplunkWeb (8421), SplunkD (8061), HTTP Collector (8798)
  4. SplunkWeb (8000), SplunkD (8089), HTTP Collector (8088)
Correct answer: D



Question 10

Without customizing container status within Phantom, what are the three types of status for a container?


  1. New, In Progress, Closed
  2. Low, Medium, High
  3. Mew, Open, Resolved
  4. Low, Medium, Critical
Correct answer: A









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files