SPLK-2003試験無料問題集（112題）「Splunk Phantom Certified Admin 認定」

出題：1

An active playbook can be configured to operate on all containers that share which attribute?

A. Artifact

B. Label

C. Tag

D. Severity

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following items cannot be modified once entered into SOAR?

A. An artifact.

B. A note.

C. A container.

D. A comment.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

What is the default embedded search engine used by Phantom?

A. Embedded Elastic search engine.

B. Embedded Splunk search engine.

C. Embedded Phantom search engine.

D. Embedded Django search engine.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following is an asset ingestion setting in SOAR?

A. File format

B. Polling Interval

C. Operating system

D. Tag

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?

A. Use the contextual menu from the artifact and select run playbook.

B. Use the run playbook dialog and set the scope to the artifact.

C. Use the contextual menu from the artifact and select the actions.

D. Create a new container including Just the artifact in question.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

What is the default log level for system health debug logs?

A. ERROR

B. INFO

C. WARN

D. DEBUG

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following actions will store a compressed, secure version of an email attachment with suspected malware for future analysis?

A. Use the Upload action of the Secure Store app to store the file in the database.

B. Add a link to the file in a new artifact.

C. Use the Files tab on the Investigation page to upload the attachment.

D. Copy/paste the attachment into a note.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What are the components of the I2A2 design methodology?

A. Inputs, Interactions, Actions, Artifacts

B. Inputs, Interactions, Actions, Assets

C. Inputs, Interactions, Actions, Apps

D. Inputs, Interactions, Apps, Artifacts

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

To limit the impact of custom code on the VPE, where should the custom code be placed?

A. A separate code repository.

B. A custom container or a separate KV store.

C. A custom function block.

D. A separate container.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?

A. The user configured on the SOAR side with Phantomsearch capability is not enabled on Splunk.

B. The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

C. The remote Splunk search head is currently offline.

D. Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-2003試験無料問題集「Splunk Phantom Certified Admin 認定」