[Oct-2023] SPLK-2003 PDF Dumps Are Helpful To produce Your Dreams Correct QA's [Q14-Q38] : Latest Exam Prep : http://certify.vceprep.com

This page was exported from Latest Exam Prep [ http://certify.vceprep.com ]
Export date: Fri Apr 4 16:51:58 2025 / +0000 GMT

[Oct-2023] SPLK-2003 PDF Dumps Are Helpful To produce Your Dreams Correct QA's [Q14-Q38]

[Oct-2023] SPLK-2003 PDF Dumps Are Helpful To produce Your Dreams Correct QA's

New SPLK-2003 exam Free Sample Questions to Practice

Q14. When is using decision blocks most useful?

When selecting one (or zero) possible paths in the playbook.

When processing different data in parallel.

When evaluating complex, multi-value results or artifacts.

When modifying downstream data hi one or more paths in the playbook.

Q15. When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible

Enter the two queries in the asset as comma separated values.

Configure the second query in the Phantom app for Splunk.

Install a second Splunk app and configure the query in the second app.

Configure a second Splunk asset with the second query.

Q16. In this image, which container fields are searched for the text “Malware”?

Event Name and Artifact Names.

Event Name, Notes, Comments.

Event Name or ID.

Q17. What is the simplest way to pass data between playbooks?

Action results

File system

Artifacts

KV Store

Q18. How can the debug log for a playbook execution be viewed?

On the Investigation page, select Debug Log from the playbook’s action menu in the Recent Activity panel.

Click Expand Scope m the debug window.

In Administration > System Health > Playbook Run History, select the playbook execution entry, then select Log.

Open the playbook in the Visual Playbook Editor, and select Debug Logs in Settings.

Q19. A user wants to use their Splunk Cloud instance as the external Splunk instance for Phantom. What ports need to be opened on the Splunk Cloud instance to facilitate this? Assume default ports are in use.

TCP 8088 and TCP 8099.

TCP 80 and TCP 443.

Splunk Cloud is not supported.

TCP 8080 and TCP 8191.

Q20. A customer wants to design a modular and reusable set of playbooks that all communicate with each other.
Which of the following is a best practice for data sharing across playbooks?

Use the py-postgresq1 module to directly save the data in the Postgres database.

Cal the child playbooks getter function.

Create artifacts using one playbook and collect those artifacts in another playbook.

Use the Handle method to pass data directly between playbooks.

Q21. What is the main purpose of using a customized workbook?

Workbooks automatically implement a customized processing of events using Python code.

Workbooks guide user activity and coordination during event analysis and case operations.

Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the ROI dashboard.

Workbooks may not be customized; only default workbooks are permitted within Phantom.

Q22. Without customizing container status within Phantom, what are the three types of status for a container?

New, In Progress, Closed

Low, Medium, High

Mew, Open, Resolved

Low, Medium, Critical

Q23. After enabling multi-tenancy, which of the Mowing is the first configuration step?

Select the associated tenant artifacts.

Change the tenant permissions.

Set default tenant base address.

Configure the default tenant.

Q24. Within the 12A2 design methodology, which of the following most accurately describes the last step?

List of the apps used by the playbook.

List of the actions of the playbook design.

List of the outputs of the playbook design.

List of the data needed to run the playbook.

Q25. Within the 12A2 design methodology, which of the following most accurately describes the last step?

List of the apps used by the playbook.

List of the actions of the playbook design.

List of the outputs of the playbook design.

List of the data needed to run the playbook.

Q26. How does a user determine which app actions are available?

Add an action block to a playbook canvas area.

Search the Apps category in the global search field.

From the Apps menu, click the supported actions dropdown for each app.

In the visual playbook editor, click Active and click the Available App Actions dropdown.

Q27. Which of the following will show all artifacts that have the term results in a filePath CEF value?

…/rest/artifact?_filter_cef_filePath_icontain=”results”

…rest/artifacts/filePath=”%results%”

…/result/artifacts/cef/filePath= ‘%results%”

…/result/artifact?_query_cef_filepath_icontains=”results

Q28. Which app allows a user to run Splunk queries from within Phantom?

Splunk App for Phantom?

The Integrated Splunk/Phantom app.

Phantom App for Splunk.

Splunk App for Phantom Reporting.

Q29. Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment’ Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.

On the command line enter: rode sudo python ibackup.pyc –setup, then audo phenv python ibackup.pyc
–backup.

On the command line enter: sudo phenv python ibackup.pyc –backup -backup-type full, then sudo phenv python ibackup.pyc –setup.

Within the UI: Select from the main menu Administration > System Health > Backup.

Within the UI: Select from the main menu Administration > Product Settings > Backup.

Q30. A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?

Incorrect Join configuration on the second playbook.

The first playbook is performing poorly.

The steep option for the second playbook is not set to a long enough interval.

Synchronous execution has not been configured.

Q31. A user wants to get the playbook results for a single artifact. Which steps will accomplish the?

Use the contextual menu from the artifact and select run playbook.

Use the run playbook dialog and set the scope to the artifact.

Create a new container including Just the artifact in question.

Use the contextual menu from the artifact and select the actions.

Q32. Which of the following is the complete list of the types of backups that are supported by Phantom?

Full backups.

Full, delta, and incremental backups.

Full and incremental backups.

Full and delta backups.

Q33. How can a child playbook access the parent playbook’s action results?

Child playbooks can access parent playbook data while the parent Is still running.

By setting scope to ALL when starting the child.

When configuring the playbook block in the parent, add the desired results in the Scope parameter.

The parent can create an artifact with the data needed by the did.

Q34. How can a child playbook access the parent playbook’s action results?

Child playbooks can access parent playbook data while the parent Is still running.

By setting scope to ALL when starting the child.

When configuring the playbook block in the parent, add the desired results in the Scope parameter.

The parent can create an artifact with the data needed by the did.

Q35. Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?

superuser, administrator

phantomcreate. phantomedit

phantomsearch, phantomdelete

admin,user

Q36. Which of the following can be configured in the ROl Settings?

Analyst hours per month.

Time lost.

Number of full time employees (FTEs).

Annual analyst salary.

Q37. When analyzing events a working on a case, significant items can be marked as evidence. Where can ail of a case’s evidence items be viewed together?

Workbook page Evidence tab.

Evidence report.

Investigation page Evidence tab.

At the bottom of the Investigation page widget panel.

Q38. Which Phantom API command is used to create a custom list?

phantom.add_list()

phantom.create_list()

phantom.include_list()

phantom.new_list()

Cover SPLK-2003 Exam Questions Make Sure You 100% Pass: https://www.vceprep.com/SPLK-2003-latest-vce-prep.html

Post date: 2023-10-13 12:53:33
Post date GMT: 2023-10-13 12:53:33
Post modified date: 2023-10-13 12:53:33
Post modified date GMT: 2023-10-13 12:53:33