SPLK-2003試験無料問題集（112題）「Splunk Phantom Certified Admin 認定」

出題：1

Which of the following views provides a holistic view of an incident - providing event metadata, Service Level Agreement status, Severity, sensitivity of an event, and other detailed event info?

A. Analyst

B. Technical

C. Investigation

D. Executive

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Configuring Phantom search to use an external Splunk server provides which of the following benefits?

A. The ability to ingest Splunk notable events into Phantom.

B. The ability to display results as Splunk dashboards within Phantom.

C. The ability to run more complex reports on Phantom activities.

D. The ability to automate Splunk searches within Phantom.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

When the Splunk App for SOAR Export executes a Splunk search, which activities are completed?

A. CEF fields are mapped to CIM flelds and a container is created on the SOAR server.

B. CIM fields are mapped to CEF fields and a container is created on the SOAR server.

C. CEF fields are mapped to CIM and a container is created on the Splunk server.

D. CIM fields are mapped to CEF and a container is created on the Splunk server.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

A. Any of the integrated Splunk/Phantom Apps

B. Splunk App for Phantom Reporting.

C. Splunk App for Phantom.

D. Phantom App for Splunk.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.
How is it possible to enter the unlisted artifact value?

A. Type the CEF datapath in manually.

B. Edit the container to allow CEF parameters.

C. Delete and recreate the artifact.

D. Edit the artifact to enable the List as Parameter option for the CEF value.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

What are the components of the I2A2 design methodology?

A. Inputs, Interactions, Actions, Artifacts

B. Inputs, Interactions, Actions, Assets

C. Inputs, Interactions, Actions, Apps

D. Inputs, Interactions, Apps, Artifacts

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

What is enabled if the Logging option for a playbook's settings is enabled?

A. More detailed logging information Is available m the Investigation page.

B. More detailed information is available in the debug window.

C. All modifications to the playbook will be written to the audit log.

D. The playbook will write detailed execution information into the spawn.log.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When is using decision blocks most useful?

A. When modifying downstream data hi one or more paths in the playbook.

B. When selecting one (or zero) possible paths in the playbook.

C. When evaluating complex, multi-value results or artifacts.

D. When processing different data in parallel.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which of the following is a reason to create a new role in SOAR?

A. To define a set of users who have access to an event's reports.

B. To define a set of users who have access to a sensitive tag.

C. To define a set of users who have access to a special label.

D. To define a set of users who have access to a restricted app.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which of the following can be edited or deleted in the Investigation page?

A. Action results

B. Comments

C. Approval records

D. Artifact values

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

SPLK-2003試験無料問題集「Splunk Phantom Certified Admin 認定」