SPLK-2003試験無料問題集（112題）「Splunk Phantom Certified Admin 認定」

出題：1

What is the simplest way to pass data between playbooks?

A. Action results

B. KV Store

C. Artifacts

D. File system

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

When is using decision blocks most useful?

A. When modifying downstream data hi one or more paths in the playbook.

B. When selecting one (or zero) possible paths in the playbook.

C. When evaluating complex, multi-value results or artifacts.

D. When processing different data in parallel.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following are examples of things commonly done with the Phantom REST APP

A. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.

B. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.

C. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.

D. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What do assets provide for app functionality?

A. Assets provide Python code, REST API, and other capabilities needed to run actions.

B. Assets provide location, credentials, and other parameters needed to run actions.

C. Assets provide hostnames, passwords, and other artifacts needed to run actions.

D. Assets provide firewall, network, and data sources needed to run actions.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

How can parent and child playbooks pass information to each other?

A. The parent must create a new artifact in the event named return_xxx, and the child must return values by creating artifacts with the naming convention arg_xxx.

B. The parent can pass arguments to the child when called, and the child can return values from the end block.

C. The parent must create a new artifact in the event named arg_xxx, and the child must return values by creating artifacts with the naming convention return_xxx.

D. The parent can pass arguments to the child when called, but the child can only pass values back as new artifacts in the event.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

How can the debug log for a playbook execution be viewed?

A. On the Investigation page, select Debug Log from the playbook's action menu in the Recent Activity panel.

B. In Administration > System Health > Playbook Run History, select the playbook execution entry, then select Log.

C. Click Expand Scope m the debug window.

D. Open the playbook in the Visual Playbook Editor, and select Debug Logs in Settings.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

In this image, which container fields are searched for the text "Malware"?

A. Event Name and Artifact Names.

B. Event Name or ID.

C. Event Name, Notes, Comments.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following is an advantage of using the Visual Playbook Editor?

A. Supports Python or Javascript.

B. The Visual Playbook Editor is the only way to generate user prompts.

C. Easier playbook maintenance.

D. Eliminates any need to use Python code.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following is an asset ingestion setting in SOAR?

A. File format

B. Polling Interval

C. Operating system

D. Tag

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?

A. admin,user

B. superuser, administrator

C. phantomcreate. phantomedit

D. phantomsearch, phantomdelete

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-2003試験無料問題集「Splunk Phantom Certified Admin 認定」