SPLK-2003無料問題集「Splunk Phantom Certified Admin」

質問 1

When the Splunk App for SOAR Export executes a Splunk search, which activities are completed?

（A）CEF fields are mapped to CIM flelds and a container is created on the SOAR server.

（B）CEF fields are mapped to CIM and a container is created on the Splunk server.

（C）CIM fields are mapped to CEF and a container is created on the Splunk server.

（D）CIM fields are mapped to CEF fields and a container is created on the SOAR server.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Why is it good playbook design to create smaller and more focused playbooks? (select all that apply)

（A）To avoid duplication of code across multiple playbooks.

（B）Reduce large complex playbooks which become difficult to maintain.

（C）Reduces amount of playbook data stored in each repo.

（D）Encourages code reuse in a more compartmentalized form.

正解：A、B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Why is it good playbook design to create smaller and more focused playbooks? (select all that apply)

（A）To avoid duplication of code across multiple playbooks.

（B）Reduce large complex playbooks which become difficult to maintain.

（C）Reduces amount of playbook data stored in each repo.

（D）Encourages code reuse in a more compartmentalized form.

正解：A、B、D 解答を投票する

質問 4

Without customizing container status within SOAR, what are the three types of status for a container?

（A）Low, Medium, Critical

（B）New, Open, Resolved

（C）New, In Progress, Closed

（D）Low, Medium, High

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

When is using decision blocks most useful?

（A）When modifying downstream data hi one or more paths in the playbook.

（B）When processing different data in parallel.

（C）When evaluating complex, multi-value results or artifacts.

（D）When selecting one (or zero) possible paths in the playbook.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?

（A）The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

（B）The user configured on the SOAR side with Phantomsearch capability is not enabled on Splunk.

（C）Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

（D）The remote Splunk search head is currently offline.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?

（A）Add a tag with restricted access to the restricted playbooks.

（B）Make sure the Execute Playbook capability is removed from al roles except admin.

（C）Place restricted playbooks in a second source repository that has restricted access.

（D）Add a filter block to al restricted playbooks that Titters for runRole - "Admin''.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following roles is appropriate for a Splunk SOAR account that will only be used to execute automated tasks?

（A）Service Account

（B）Non-Human

（C）Automation Engineer

（D）Automation

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

Which of the following can be configured in the ROI Settings?

（A）Number of full time employees (FTEs).

（B）Analyst hours per month.

（C）Annual analyst salary.

（D）Time lost.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Without customizing container status within SOAR, what are the three types of status for a container?

（A）Low, Medium, Critical

（B）New, Open, Resolved

（C）New, In Progress, Closed

（D）Low, Medium, High

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SPLK-2003 無料問題集「Splunk Phantom Certified Admin」

弊社を連絡する

関連リンク

トップ試験