- All Exams Instant Download
Without customizing container status within Phantom, what are the three types of status for a container?
Without customizing container status within Phantom, what are the three types of status for a container?A . New, In Progress, ClosedB . Low, Medium, HighC . Mew, Open, ResolvedD . Low, Medium, CriticalView AnswerAnswer: A Explanation: Within Splunk SOAR, containers (which represent incidents, cases, or events) have a lifecycle that...
Which of the following is a step when configuring event forwarding from Splunk to Phantom?
Which of the following is a step when configuring event forwarding from Splunk to Phantom?A . Map CIM to CEF fields.B . Create a Splunk alert that uses the event_forward.py script to send events to Phantom.C . Map CEF to CIM fields.D . Create a saved search that generates the...
What is the main purpose of using a customized workbook?
What is the main purpose of using a customized workbook?A . Workbooks automatically implement a customized processing of events using Python code.B . Workbooks guide user activity and coordination during event analysis and case operations.C . Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the...
What are indicators?
What are indicators?A . Action result items that determine the flow of execution in a playbook.B . Action results that may appear in multiple containers.C . Artifact values that can appear in multiple containers.D . Artifact values with special security significance.View AnswerAnswer: C Explanation: Indicators in Splunk SOAR (formerly Phantom)...
What is the cause of this behavior?
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?A . Incorrect Join configuration on the second playbook.B . The first playbook is performing...
What values can be applied when creating Custom CEF field?
What values can be applied when creating Custom CEF field?A . NameB . Name, Data TypeC . Name, ValueD . Name, Data Type, SeverityView AnswerAnswer: B Explanation: Custom CEF fields can be created with a name and a data type. The name must be unique and the data type must...
Which steps will accomplish the?
A user wants to get the playbook results for a single artifact. Which steps will accomplish the?A . Use the contextual menu from the artifact and select run playbook.B . Use the run playbook dialog and set the scope to the artifact.C . Create a new container including Just the...
Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.
Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.A . On the command line enter: rode sudo python ibackup.pyc --setup, then audo phenv python ibackup.pyc --backup.B...
When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user
When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possibleA . Enter the two queries in the asset as comma separated values.B . Configure the second query...
Which of the following will show all artifacts that have the term results in a filePath CEF value?
Which of the following will show all artifacts that have the term results in a filePath CEF value?A . .../rest/artifact?_filter_cef_filePath_icontain=''results''B . ...rest/artifacts/filePath=''%results%''C . .../result/artifacts/cef/filePath= '%results%''D . .../result/artifact?_query_cef_filepath_icontains=''resultsView AnswerAnswer: A Explanation: The correct answer is A because the _filter parameter is used to filter the results based on a field value,...
