Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.
Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.A . On the command line enter: rode sudo python ibackup.pyc --setup, then audo phenv python ibackup.pyc --backup.B...
During a second test of a playbook, a user receives an error that states: 'an empty parameters list was passed to phantom.act()." What does this indicate?
During a second test of a playbook, a user receives an error that states: 'an empty parameters list was passed to phantom.act()." What does this indicate?A . The container has artifacts not parameters.B . The playbook is using an incorrect container.C . The playbook debugger's scope is set to new.D...
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?A . superuser, administratorB . phantomcreate. phantomeditC . phantomsearch, phantomdeleteD . admin,userView AnswerAnswer: A
When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches.
When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possibleA . Enter the two queries in the asset as comma separated values.B . Configure the second query...
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?A . Include the notable event's event_id field and set the artifacts label to aplunk notable event id.B . Rename the event_id field from the notable event to...
Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?
Which of the following are the default ports that must be configured on Splunk to allow connections from Phantom?A . SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)B . SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)C . SplunkWeb (8421), SplunkD (8061), HTTP Collector (8798)D . SplunkWeb (8000), SplunkD (8089), HTTP Collector...
What other user authentication method is supported?
Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?A . SAML3B . PIV/CACC . BiometricsD . OpenIDView AnswerAnswer: A
Within the 12A2 design methodology, which of the following most accurately describes the last step?
Within the 12A2 design methodology, which of the following most accurately describes the last step?A . List of the apps used by the playbook.B . List of the actions of the playbook design.C . List of the outputs of the playbook design.D . List of the data needed to run...
Without customizing container status within Phantom, what are the three types of status for a container?
Without customizing container status within Phantom, what are the three types of status for a container?A . New, In Progress, ClosedB . Low, Medium, HighC . Mew, Open, ResolvedD . Low, Medium, CriticalView AnswerAnswer: A
Which app allows a user to send Splunk Enterprise Security notable events to Phantom?
Which app allows a user to send Splunk Enterprise Security notable events to Phantom?A . Any of the integrated Splunk/Phantom AppsB . Splunk App for Phantom Reporting.C . Splunk App for Phantom.D . Phantom App for Splunk.View AnswerAnswer: A