SPLK-2003試験無料問題集（112題）「Splunk Phantom Certified Admin 認定」

出題：1

Which of the following accurately describes the Files tab on the Investigate page?

A. Files tab items cannot be added to investigations. Instead, add them to action blocks.

B. Phantom memory requirements remain static, regardless of Files tab usage.

C. Files tab items and artifacts are the only data sources that can populate active cases.

D. A user can upload the output from a detonate action to the the files tab for further investigation.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

In addition to full backups. Phantom supports what other backup type using backup?

A. Partial

B. Differential

C. Snapshot

D. Incremental

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is an asset ingestion setting in SOAR?

A. File format

B. Polling Interval

C. Operating system

D. Tag

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Why is it good playbook design to create smaller and more focused playbooks? (select all that apply)

A. Encourages code reuse in a more compartmentalized form.

B. Reduce large complex playbooks which become difficult to maintain.

C. To avoid duplication of code across multiple playbooks.

D. Reduces amount of playbook data stored in each repo.

正解：A,B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

How can parent and child playbooks pass information to each other?

A. The parent must create a new artifact in the event named return_xxx, and the child must return values by creating artifacts with the naming convention arg_xxx.

B. The parent can pass arguments to the child when called, and the child can return values from the end block.

C. The parent must create a new artifact in the event named arg_xxx, and the child must return values by creating artifacts with the naming convention return_xxx.

D. The parent can pass arguments to the child when called, but the child can only pass values back as new artifacts in the event.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?

A. Make sure the Execute Playbook capability is removed from al roles except admin.

B. Add a filter block to al restricted playbooks that Titters for runRole - "Admin''.

C. Add a tag with restricted access to the restricted playbooks.

D. Place restricted playbooks in a second source repository that has restricted access.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What is the default log level for system health debug logs?

A. ERROR

B. INFO

C. WARN

D. DEBUG

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A customer wants to design a modular and reusable set of playbooks that all communicate with each other.
Which of the following is a best practice for data sharing across playbooks?

A. Cal the child playbooks getter function.

B. Use the py-postgresq1 module to directly save the data in the Postgres database.

C. Use the Handle method to pass data directly between playbooks.

D. Create artifacts using one playbook and collect those artifacts in another playbook.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

What is the primary objective of using the I2A2 playbook design methodology?

A. To create detailed playbooks.

B. To meet customer requirements using a single playbook.

C. To create playbooks that customers will not edit.

D. To create simple, reusable, modular playbooks.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

A new project requires event data from SOAR to be sent to an external system via REST. All events with the label notable that are in new status should be sent. Which of the following REST Django expressions will select the correct events?

A.

B.

C.

D.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-2003試験無料問題集「Splunk Phantom Certified Admin 認定」