New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Splunk SPLK-2003 Splunk SOAR Certified Automation Developer Exam Exam Practice Test

Demo: 33 questions
Total 110 questions

Splunk SOAR Certified Automation Developer Exam Questions and Answers

Question 1

Which of the following applies to filter blocks?

Options:

A.

Can select which blocks have access to container data.

B.

Can select assets by tenant, approver, or app.

C.

Can be used to select data for use by other blocks.

D.

Can select containers by seventy or status.

Question 2

Where can the Splunk App for SOAR Export be downloaded from?

Options:

A.

GitHub and Splunkbase.

B.

SOAR Community and GitHub.

C.

Splunkbase and SOAR Community.

D.

Splunk Answers and Splunkbase.

Question 3

An active playbook can be configured to operate on all containers that share which attribute?

Options:

A.

Artifact

B.

Label

C.

Tag

D.

Severity

Question 4

Which Phantom API command is used to create a custom list?

Options:

A.

phantom.add_list()

B.

phantom.create_list()

C.

phantom.include_list()

D.

phantom.new_list()

Question 5

If no data matches any filter conditions, what is the next block run by the playbook?

Options:

A.

The end block.

B.

The start block.

C.

The filter block.

D.

The next block.

Question 6

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?

Options:

A.

Synchronous execution has not been configured.

B.

The first playbook is performing poorly.

C.

The sleep option for the second playbook is not set to a long enough interval.

D.

Incorrect join configuration on the second playbook.

Question 7

Within the 12A2 design methodology, which of the following most accurately describes the last step?

Options:

A.

List of the apps used by the playbook.

B.

List of the actions of the playbook design.

C.

List of the outputs of the playbook design.

D.

List of the data needed to run the playbook.

Question 8

What is the default embedded search engine used by SOAR?

Options:

A.

Embedded Splunk search engine.

B.

Embedded SOAR search engine.

C.

Embedded Django search engine.

D.

Embedded Elastic search engine.

Question 9

How is a Django filter query performed?

Options:

A.

By adding parameters to the URL similar to the following: phantom/rest/container?_filter_tags_contains="sumo".

B.

phantom/rest/search/app/contains/"sumo"

C.

Browse to the Django Filter Query Editor in the Administration panel.

D.

Install the SOAR Django App first, then configure the search query in the App editor.

Question 10

Why is it good playbook design to create smaller and more focused playbooks? (select all that apply)

Options:

A.

Reduces amount of playbook data stored in each repo.

B.

Reduce large complex playbooks which become difficult to maintain.

C.

Encourages code reuse in a more compartmentalized form.

D.

To avoid duplication of code across multiple playbooks.

Question 11

Which Phantom VPE Nock S used to add information to custom lists?

Options:

A.

Action blocks

B.

Filter blocks

C.

API blocks

D.

Decision blocks

Question 12

What do assets provide for app functionality?

Options:

A.

Assets provide location, credentials, and other parameters needed to run actions.

B.

Assets provide hostnames, passwords, and other artifacts needed to run actions.

C.

Assets provide Python code, REST API, and other capabilities needed to run actions.

D.

Assets provide firewall, network, and data sources needed to run actions.

Question 13

After a playbook has run, where are the results stored?

Options:

A.

Splunk Index

B.

Case

C.

Container

D.

Log file

Question 14

Which app allows a user to run Splunk queries from within Phantom?

Options:

A.

Splunk App for Phantom

B.

The Integrated Splunk/Phantom app.

C.

Phantom App for Splunk.

D.

Splunk App for Phantom Reporting.

Question 15

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?

Options:

A.

Use the contextual menu from the artifact and select run playbook.

B.

Use the run playbook dialog and set the scope to the artifact.

C.

Create a new container including Just the artifact in question.

D.

Use the contextual menu from the artifact and select the actions.

Question 16

Which of the following items cannot be modified once entered into SOAR?

Options:

A.

A container.

B.

An artifact.

C.

A comment.

D.

A note.

Question 17

How is it possible to evaluate user prompt results?

Options:

A.

Set action_result.summary. status to required.

B.

Set the user prompt to reinvoke if it times out.

C.

Set action_result. summary. response to required.

D.

Add a decision Mode

Question 18

Seventy can be set during ingestion and later changed manually. What other mechanism can change the severity or a container?

Options:

A.

Notes

B.

Actions

C.

Service level agreement (SLA) expiration

D.

Playbooks

Question 19

Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

Options:

A.

Any of the integrated Splunk/Phantom Apps

B.

Splunk App for Phantom Reporting.

C.

Splunk App for Phantom.

D.

Phantom App for Splunk.

Question 20

On the Splunk search head, when configuring the app to search SOAR searchable content, what are the two requirements to complete the app setup?

Options:

A.

User accounts and universal forwarder.

B.

User accounts and an HTTP Event Collector token.

C.

User accounts and REST API.

D.

User accounts and syslog.

Question 21

What are indicators?

Options:

A.

Action result items that determine the flow of execution in a playbook.

B.

Action results that may appear in multiple containers.

C.

Artifact values that can appear in multiple containers.

D.

Artifact values with special security significance.

Question 22

Which of the following actions will store a compressed, secure version of an email attachment with suspected malware for future analysis?

Options:

A.

Copy/paste the attachment into a note.

B.

Add a link to the file in a new artifact.

C.

Use the Files tab on the Investigation page to upload the attachment.

D.

Use the Upload action of the Secure Store app to store the file in the database.

Question 23

What is the primary objective of using the I2A2 playbook design methodology?

Options:

A.

To create detailed playbooks.

B.

To create playbooks that customers will not edit.

C.

To meet customer requirements using a single playbook.

D.

To create simple, reusable, modular playbooks.

Question 24

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?

Options:

A.

Null IP addresses

B.

Non-null IP addresses

C.

Non-null destinationAddresses

D.

Null values

Question 25

Which of the following is the complete list of the types of backups that are supported by Phantom?

Options:

A.

Full backups.

B.

Full, delta, and incremental backups.

C.

Full and incremental backups.

D.

Full and delta backups.

Question 26

In addition to full backups. Phantom supports what other backup type using backup?

Options:

A.

Snapshot

B.

Incremental

C.

Partial

D.

Differential

Question 27

On a multi-tenant Phantom server, what is the default tenant's ID?

Options:

A.

0

B.

Default

C.

1

D.

*

Question 28

How can a child playbook access the parent playbook's action results?

Options:

A.

Child playbooks can access parent playbook data while the parent Is still running.

B.

By setting scope to ALL when starting the child.

C.

When configuring the playbook block in the parent, add the desired results in the Scope parameter.

D.

The parent can create an artifact with the data needed by the did.

Question 29

Why does SOAR use wildcards within artifact data paths?

Options:

A.

To make playbooks more specific.

B.

To make playbooks filter out nulls.

C.

To make data access in playbooks easier.

D.

To make decision execution in playbooks run faster.

Question 30

Regarding the Splunk SOAR Automation Broker requirements, which of the following statements is not correct?

Options:

A.

The Splunk SOAR Automation Broker requires outbound/egress connectivity to the Splunk SOAR (Cloud) or Splunk SOAR (On-premises) instance.

B.

The Splunk SOAR Automation Broker must be able to connect to TCP port 443 (HTTPS) on the Splunk SOAR (Cloud) or Splunk SOAR (On-premises) instance.

C.

The Splunk SOAR Automation Broker requires both inbound/ingress and outbound/egress connectivity to the Splunk SOAR (Cloud) or Splunk SOAR (On-premises) instance.

D.

The Splunk SOAR Automation Broker requires inbound/ingress network connection from the Splunk SOAR (Cloud) or Splunk SOAR (On-premises) instance.

Question 31

What are the components of the I2A2 design methodology?

Options:

A.

Inputs, Interactions, Actions, Apps

B.

Inputs, Interactions, Actions, Artifacts

C.

Inputs, Interactions, Apps, Artifacts

D.

Inputs, Interactions, Actions, Assets

Question 32

Which of the following are the default ports that must be configured on Splunk to allow connections from SOAR?

Options:

A.

SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)

B.

SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)

C.

SplunkWeb (8000), SplunkD (8089), HTTP Collector (8088)

D.

SplunkWeb (8469), SplunkD (8702), HTTP Collector (8864)

Question 33

Which of the following is a reason to create a new role in SOAR?

Options:

A.

To define a set of users who have access to a special label.

B.

To define a set of users who have access to a restricted app.

C.

To define a set of users who have access to an event's reports.

D.

To define a set of users who have access to a sensitive tag.

Demo: 33 questions
Total 110 questions