When configuring a Splunk asset for Phantom to connect to a Splunk Cloud instance, the user
When configuring a Splunk asset for Phantom to connect to a Splunk Cloud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible?
A. Enter the two queries in the asset as comma separated values.
B. Configure the second query...
Which of the following will show all artifacts that have the term results in a filePath CEF value?
Which of the following will show all artifacts that have the term results in a filePath CEF value?
A. .../rest/artifact?_filter_cef_filePath_icontain="results"
B. ...rest/artifacts/filePath="%results%"
C. .../result/artifacts/cef/filePath= '%results%"
D. .../result/artifact?_query_cef_filepath_icontains="results
Answer: A
Explanation: The correct answer is A because the _filter parameter is used to filter the results based on a field value,...
Within the I2A2 design methodology, which of the following most accurately describes the last step?
Within the I2A2 design methodology, which of the following most accurately describes the last step?
A. List of the apps used by the playbook.
B. List of the actions of the playbook design.
C. List of the outputs of the playbook design.
D. List of the data needed to run...
Which of the following is a best practice for data sharing across playbooks?
A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?
A. Use the py-postgresql module to directly save the data in the Postgres database.
B. Call the child playbooks...
Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?
Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?
A. phantom.debug()
B. phantom.exception()
C. phantom.print()
D. phantom.assert()
Answer: A
Explanation: The phantom.debug() function is used within Splunk SOAR playbooks to output debug information to the debug window in the Visual...
Configuring Phantom search to use an external Splunk server provides which of the following benefits?
Configuring Phantom search to use an external Splunk server provides which of the following benefits?
A. The ability to run more complex reports on Phantom activities.
B. The ability to ingest Splunk notable events into Phantom.
C. The ability to automate Splunk searches within Phantom.
D. The ability to display...
What does this indicate?
During a second test of a playbook, a user receives an error that states: "an empty parameters list was passed to phantom.act()." What does this indicate?
A. The container has artifacts not parameters.
B. The playbook is using an incorrect container.
C. The playbook debugger's scope is set to new.
D...
On a multi-tenant Phantom server, what is the default tenant's ID?
On a multi-tenant Phantom server, what is the default tenant's ID?
A. 0
B. Default
C. 1
D. *
Answer: C
Explanation: The correct answer is C because the default tenant’s ID is 1. The tenant ID is a unique identifier for each tenant on a multi-tenant Phantom server. The...
Which of the following applies to filter blocks?
Which of the following applies to filter blocks?
A. Can select which blocks have access to container data.
B. Can select assets by tenant, approver, or app.
C. Can be used to select data for use by other blocks.
D. Can select containers by severity or status.
Answer: C
Explanation:...
Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?
Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?
A. SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)
B. SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)
C. SplunkWeb (8421), SplunkD (8061), HTTP Collector (8798)
D. SplunkWeb (8000), SplunkD (8089), HTTP Collector...