SPLK-2003無料問題集「Splunk Phantom Certified Admin」

質問 1

When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible

（A）Install a second Splunk app and configure the query in the second app.

（B）Configure the second query in the Phantom app for Splunk.

（C）Configure a second Splunk asset with the second query.

（D）Enter the two queries in the asset as comma separated values.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

（A）Rename the event_id field from the notable event to splunkNotableEventld.

（B）Include the event_id field in the search results and add a CEF definition to Phantom for event_id, datatype splunk notable event id.

（C）Add a custom field to the container named event_id and set the custom field's data type to splunk notable event id.

（D）Include the notable event's event_id field and set the artifacts label to aplunk notable event id.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?

（A）Add a tag with restricted access to the restricted playbooks.

（B）Make sure the Execute Playbook capability is removed from al roles except admin.

（C）Place restricted playbooks in a second source repository that has restricted access.

（D）Add a filter block to al restricted playbooks that Titters for runRole - "Admin''.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which set of steps will show the most detailed information for action results on the Investigation page?

（A）Clicking the arrow next to the action within the recent activities pane.

（B）Viewing the evidence tab within the main display area.

（C）Viewing the action widget within the main display area.

（D）Clicking on the action within the recent activity pane.

正解：A 解答を投票する

質問 5

Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

（A）Any of the integrated Splunk/Phantom Apps

（B）Splunk App for Phantom Reporting.

（C）Phantom App for Splunk.

（D）Splunk App for Phantom.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

What is the default embedded search engine used by SOAR?

（A）Embedded Splunk search engine.

（B）Embedded Elastic search engine.

（C）Embedded SOAR search engine.

（D）Embedded Django search engine.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following items cannot be modified once entered into SOAR?

（A）A note.

（B）A container.

（C）An artifact.

（D）A comment.

正解：C 解答を投票する

質問 8

What primary integrations does Splunk SOAR provide for Role administration? (Choose all that apply.)

（A）LDAP

（B）SAML

（C）OpenID

（D）Local Authentication

正解：A、B 解答を投票する

質問 9

Configuring Phantom search to use an external Splunk server provides which of the following benefits?

（A）The ability to automate Splunk searches within Phantom.

（B）The ability to ingest Splunk notable events into Phantom.

（C）The ability to run more complex reports on Phantom activities.

（D）The ability to display results as Splunk dashboards within Phantom.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Where can the Splunk App for SOAR Export be downloaded from?

（A）SOAR Community and GitHub.

（B）Splunkbase and SOAR Community.

（C）Splunk Answers and Splunkbase.

（D）GitHub and Splunkbase.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

SPLK-2003 無料問題集「Splunk Phantom Certified Admin」

弊社を連絡する

関連リンク

トップ試験