
SPLK-2003 Study Guide: Latest [Sep 29, 2022] Realistic Verified SPLK-2003 Dumps
SPLK-2003 Questions & Practice Test are Available On-Demand
NEW QUESTION 23
How can a child playbook access the parent playbook's action results?
- A. When configuring the playbook block in the parent, add the desired results in the Scope parameter.
- B. The parent can create an artifact with the data needed by the child.
- C. By setting scope to ALL when starting the child.
- D. Child playbooks can access parent playbook data while the parent is still running.
Answer: C
NEW QUESTION 24
Which of the following supported approaches enables Phantom to run on a Windows server?
- A. Run the Phantom OVA as a virtual machine.
- B. Install the Phantom RPM file in Windows Subsystem for Linux (WSL).
- C. Run the Phantom OVA as a cloud instance.
- D. Install the Phantom RPM in a GNU Cygwin implementation.
Answer: C
NEW QUESTION 25
What is the default embedded search engine used by Phantom?
- A. Embedded Django search engine.
- B. Embedded Phantom search engine.
- C. Embedded Elastic search engine.
- D. Embedded Splunk search engine.
Answer: C
NEW QUESTION 26
Severity can be set during ingestion and later changed manually. What other mechanism can change the severity of a container?
- A. Service level agreement (SLA) expiration
- B. Actions
- C. Notes
- D. Playbooks
Answer: B
NEW QUESTION 27
What are the differences between cases and events?
- A. Cases: incidents with a known violation and a plan for correction. Events: occurrences in the system that may require a response.
- B. Cases: potential threats. Events: identified as a specific kind of problem and need a structured approach.
- C. Cases: contain a collection of containers. Events: contain potential threats.
- D. Cases: only include high-level incident artifacts. Events: only include low-level incident artifacts.
Answer: B
NEW QUESTION 28
Which of the following is a step when configuring event forwarding from Splunk to Phantom?
- A. Map CEF to CIM fields.
- B. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
- C. Create a saved search that generates the JSON for the new container on Phantom.
- D. Map CIM to CEF fields.
Answer: A
NEW QUESTION 29
Without customizing container status within Phantom, what are the three types of status for a container?
- A. New, In Progress, Closed
- B. Low, Medium, Critical
- C. Low, Medium, High
- D. New, Open, Resolved
Answer: A
NEW QUESTION 30
Which of the following is the complete list of the types of backups that are supported by Phantom?
- A. Full and incremental backups.
- B. Full backups.
- C. Full and delta backups.
- D. Full, delta, and incremental backups.
Answer: A
NEW QUESTION 31
How can an individual asset action be manually started?
- A. With the > asset button in the asset configuration section.
- B. By executing a playbook in the Playbooks section.
- C. With the > action button in the analyst queue page.
- D. With the > action button in the Investigation page.
Answer: D
NEW QUESTION 32
A user wants to get the playbook results for a single artifact. Which steps will accomplish this?
- A. Use the contextual menu from the artifact and select run playbook.
- B. Create a new container including just the artifact in question.
- C. Use the contextual menu from the artifact and select the actions.
- D. Use the run playbook dialog and set the scope to the artifact.
Answer: B
NEW QUESTION 33
Which Phantom VPE block is used to add information to custom lists?
- A. API blocks
- B. Action blocks
- C. Decision blocks
- D. Filter blocks
Answer: A
NEW QUESTION 34
Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?
- A. Place restricted playbooks in a second source repository that has restricted access.
- B. Add a tag with restricted access to the restricted playbooks.
- C. Make sure the Execute Playbook capability is removed from all roles except admin.
- D. Add a filter block to all restricted playbooks that filters for runRole = "Admin".
Answer: D
NEW QUESTION 35
On a multi-tenant Phantom server, what is the default tenant's ID?
- A. 0
- B. *
- C. Default
- D. 1
Answer: B
NEW QUESTION 36
Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?
- A. phantom.exception()
- B. phantom.debug()
- C. phantom.assert()
- D. phantom.print()
Answer: C
NEW QUESTION 37
Which of the following will show all artifacts that have the term results in a filePath CEF value?
- A. .../result/artifacts/cef/filePath='%results%'
- B. .../rest/artifact?_filter_cef_filePath_icontain="results"
- C. .../result/artifact?_query_cef_filepath_icontains="results"
- D. ...rest/artifacts/filePath="%results%"
Answer: C
NEW QUESTION 38
Which of the following is a best practice for use of the global block?
- A. Import packages which will be used within the playbook.
- B. Execute code at the beginning of each run of the playbook.
- C. Declare outputs which will be selectable within playbook blocks.
- D. Execute custom code after each run of the playbook.
Answer: B
NEW QUESTION 39
After enabling multi-tenancy, which of the following is the first configuration step?
- A. Set default tenant base address.
- B. Change the tenant permissions.
- C. Select the associated tenant artifacts.
- D. Configure the default tenant.
Answer: B
NEW QUESTION 40
How does a user determine which app actions are available?
- A. In the visual playbook editor, click Active and click the Available App Actions dropdown.
- B. Add an action block to a playbook canvas area.
- C. From the Apps menu, click the supported actions dropdown for each app.
- D. Search the Apps category in the global search field.
Answer: D
NEW QUESTION 41
Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment? Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.
- A. On the command line enter: sudo phenv python ibackup.pyc --backup --backup-type full, then sudo phenv python ibackup.pyc --setup.
- B. Within the UI: Select from the main menu Administration > Product Settings > Backup.
- C. Within the UI: Select from the main menu Administration > System Health > Backup.
- D. On the command line enter: sudo python ibackup.pyc --setup, then sudo phenv python ibackup.pyc --backup.
Answer: A
NEW QUESTION 42
Which of the following accurately describes the Files tab on the Investigate page?
- A. A user can upload the output from a detonate action to the Files tab for further investigation.
- B. Phantom memory requirements remain static, regardless of Files tab usage.
- C. Files tab items cannot be added to investigations. Instead, add them to action blocks.
- D. Files tab items and artifacts are the only data sources that can populate active cases.
Answer: B
NEW QUESTION 43
How can the debug log for a playbook execution be viewed?
- A. In Administration > System Health > Playbook Run History, select the playbook execution entry, then select Log.
- B. Click Expand Scope in the debug window.
- C. Open the playbook in the Visual Playbook Editor, and select Debug Logs in Settings.
- D. On the Investigation page, select Debug Log from the playbook's action menu in the Recent Activity panel.
Answer: B
NEW QUESTION 44
After a successful POST to a Phantom REST endpoint to create a new object, what result is returned?
- A. The full CEF name.
- B. The new object ID.
- C. The PostGres UUID.
- D. The new object name.
Answer: C
NEW QUESTION 45
Within the I2A2 design methodology, which of the following most accurately describes the last step?
- A. List of the apps used by the playbook.
- B. List of the data needed to run the playbook.
- C. List of the actions of the playbook design.
- D. List of the outputs of the playbook design.
Answer: B