SPLK-2003 V1

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?A . Use the contextual menu from the artifact and select run playbook.B . Use the run playbook dialog and set the scope to the artifact.C . Create a new container including Just the...

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.A . On the command line enter: rode sudo python ibackup.pyc --setup, then audo phenv python ibackup.pyc --backup.B...

When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possibleA . Enter the two queries in the asset as comma separated values.B . Configure the second query...

Which of the following will show all artifacts that have the term results in a filePath CEF value?A . .../rest/artifact?_filter_cef_filePath_icontain=''results''B . ...rest/artifacts/filePath=''%results%''C . .../result/artifacts/cef/filePath= '%results%''D . .../result/artifact?_query_cef_filepath_icontains=''resultsView AnswerAnswer: A Explanation: The correct answer is A because the _filter parameter is used to filter the results based on a field value,...

Within the 12A2 design methodology, which of the following most accurately describes the last step?A . List of the apps used by the playbook.B . List of the actions of the playbook design.C . List of the outputs of the playbook design.D . List of the data needed to run...

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?A . Use the py-postgresq1 module to directly save the data in the Postgres database.B . Cal the child playbooks...

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?A . phantom.debug()B . phantom.exception()C . phantom.print ()D . phantom.assert()View AnswerAnswer: A Explanation: The phantom.debug() function is used within Splunk SOAR playbooks to output debug information to the debug window in the Visual...

Configuring Phantom search to use an external Splunk server provides which of the following benefits?A . The ability to run more complex reports on Phantom activities.B . The ability to ingest Splunk notable events into Phantom.C . The ability to automate Splunk searches within Phantom.D . The ability to display...

During a second test of a playbook, a user receives an error that states: 'an empty parameters list was passed to phantom.act()." What does this indicate?A . The container has artifacts not parameters.B . The playbook is using an incorrect container.C . The playbook debugger's scope is set to new.D...

On a multi-tenant Phantom server, what is the default tenant's ID?A . 0B . DefaultC . 1D . *View AnswerAnswer: C Explanation: The correct answer is C because the default tenant’s ID is 1. The tenant ID is a unique identifier for each tenant on a multi-tenant Phantom server. The...