Splunk SPLK-2003 Certification Exam Dumps with 60 Practice Test Questions [Q30-Q46]

NEW QUESTION 30
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

  • A. Rename the event_id field from the notable event to splunkNotableEventId.
  • B. Add a custom field to the container named event_id and set the custom field's data type to splunk notable event id.
  • C. Include the event_id field in the search results and add a CEF definition to Phantom for event_id, datatype splunk notable event id.
  • D. Include the notable event's event_id field and set the artifact's label to splunk notable event id.

Answer: B

 

NEW QUESTION 31
Which of the following are examples of things commonly done with the Phantom REST API?

  • A. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.
  • B. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.
  • C. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.
  • D. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.

Answer: B

 

NEW QUESTION 32
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?

  • A. The first playbook is performing poorly.
  • B. Synchronous execution has not been configured.
  • C. Incorrect Join configuration on the second playbook.
  • D. The sleep option for the second playbook is not set to a long enough interval.

Answer: C

 

NEW QUESTION 33
What are indicators?

  • A. Artifact values that can appear in multiple containers.
  • B. Artifact values with special security significance.
  • C. Action result items that determine the flow of execution in a playbook.
  • D. Action results that may appear in multiple containers.

Answer: A

 

NEW QUESTION 34
Which of the following can the format block be used for?

  • A. To generate arrays for input into other functions.
  • B. To generate string parameters for automated action blocks.
  • C. To create text strings that merge static text with dynamic values for input or output.
  • D. To generate HTML or CSS content for output in email messages, user prompts, or comments.

Answer: C

 

NEW QUESTION 35
In addition to full backups, Phantom supports what other backup type using backup?

  • A. Snapshot
  • B. Differential
  • C. Partial
  • D. Incremental

Answer: D

 

NEW QUESTION 36
During a second test of a playbook, a user receives an error that states: "an empty parameters list was passed to phantom.act()." What does this indicate?

  • A. The playbook debugger's scope is set to all.
  • B. The container has artifacts, not parameters.
  • C. The playbook debugger's scope is set to new.
  • D. The playbook is using an incorrect container.

Answer: B

 

NEW QUESTION 37
When working with complex datapaths, which operator is used to access a sub-element inside another element?

  • A. |(pipe)
  • B. :(colon)
  • C. .(dot)
  • D. *(asterisk)

Answer: A

 

NEW QUESTION 38
Is it possible to import external Python libraries such as the time module?

  • A. No.
  • B. Yes, from a drop-down menu.
  • C. Yes, in the global block.
  • D. No, but this can be changed by setting the proper permissions.

Answer: C

 

NEW QUESTION 39
Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?

  • A. Make sure the Execute Playbook capability is removed from all roles except admin.
  • B. Add a tag with restricted access to the restricted playbooks.
  • C. Place restricted playbooks in a second source repository that has restricted access.
  • D. Add a filter block to all restricted playbooks that filters for runRole = "Admin".

Answer: D

 

NEW QUESTION 40
Which of the following describes the use of labels in Phantom?

  • A. Labels control the default severity, ownership, and sensitivity for the container.
  • B. Labels determine the service level agreement (SLA) for a container.
  • C. Labels determine which playbook(s) are executed when a container is created.
  • D. Labels control which apps are allowed to execute actions on the container.

Answer: A

 

NEW QUESTION 41
Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

  • A. Phantom App for Splunk.
  • B. Splunk App for Phantom.
  • C. Any of the integrated Splunk/Phantom Apps
  • D. Splunk App for Phantom Reporting.

Answer: C

 

NEW QUESTION 42
A filter block with only one condition configured which states: artifact.*.cef.sourceAddress != , would permit which of the following data to pass forward to the next block?

  • A. Null values
  • B. Non-null destinationAddresses
  • C. Non-null IP addresses
  • D. Null IP addresses

Answer: A

 

NEW QUESTION 43
What is enabled if the Logging option for a playbook's settings is enabled?

  • A. More detailed logging information is available in the Investigation page.
  • B. All modifications to the playbook will be written to the audit log.
  • C. The playbook will write detailed execution information into the spawn.log.
  • D. More detailed information is available in the debug window.

Answer: C

 

NEW QUESTION 44
A user wants to get the playbook results for a single artifact. Which steps will accomplish this?

  • A. Use the contextual menu from the artifact and select run playbook.
  • B. Use the run playbook dialog and set the scope to the artifact.
  • C. Create a new container including just the artifact in question.
  • D. Use the contextual menu from the artifact and select the actions.

Answer: C

 

NEW QUESTION 45
An active playbook can be configured to operate on all containers that share which attribute?

  • A. Tag
  • B. Label
  • C. Severity
  • D. Artifact

Answer: B

 

NEW QUESTION 46
......
