Splunk SPLK-2003 Splunk SOAR Certified Automation Developer Exam Practice Test

Demo: 27 questions
Total 96 questions

Splunk SOAR Certified Automation Developer Exam Questions and Answers

Question 1

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?

Options:

A. Incorrect Join configuration on the second playbook.

B. The first playbook is performing poorly.

C. The sleep option for the second playbook is not set to a long enough interval.

D. Synchronous execution has not been configured.

Question 2

What is the primary objective of using the I2A2 playbook design methodology?

Options:

A. To create detailed playbooks.

B. To create playbooks that customers will not edit.

C. To meet customer requirements using a single playbook.

D. To create simple, reusable, modular playbooks.

Question 3

After a successful POST to a Phantom REST endpoint to create a new object, what result is returned?

Options:

A. The new object ID.

B. The new object name.

C. The full CEF name.

D. The PostGres UUID.

Question 4

After enabling multi-tenancy, which of the following is the first configuration step?

Options:

A. Select the associated tenant artifacts.

B. Change the tenant permissions.

C. Set default tenant base address.

D. Configure the default tenant.

Question 5

Which of the following are examples of things commonly done with the Phantom REST API?

Options:

A. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.

B. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.

C. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.

D. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.

Question 6

What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

Options:

A. Include the notable event's event_id field and set the artifacts label to splunk notable event id.

B. Rename the event_id field from the notable event to splunkNotableEventId.

C. Include the event_id field in the search results and add a CEF definition to Phantom for event_id, datatype splunk notable event id.

D. Add a custom field to the container named event_id and set the custom field's data type to splunk notable event id.

Question 7

Which of the following queries would return all artifacts that contain a SHA1 file hash?

Options:

A. https:// /rest/artifact?_filter_cef_md5_isnull=false

B. https:// /rest/artifact?_filter_cef_Sha1_contains=""

C. https:// /rest/artifact?_filter_cef_sha1_isnull=False

D. https:// /rest/artifact?_filter_sha1__isnull=False

Question 8

In a playbook, more than one Action block can be active at one time. What is this called?

Options:

A. Serial Processing

B. Parallel Processing

C. Multithreaded Processing

D. Juggle Processing

Question 9

Which of the following applies to filter blocks?

Options:

A. Can select which blocks have access to container data.

B. Can select assets by tenant, approver, or app.

C. Can be used to select data for use by other blocks.

D. Can select containers by severity or status.

Question 10

Severity can be set during ingestion and later changed manually. What other mechanism can change the severity of a container?

Options:

A. Notes

B. Actions

C. Service level agreement (SLA) expiration

D. Playbooks

Question 11

Without customizing container status within Phantom, what are the three types of status for a container?

Options:

A. New, In Progress, Closed

B. Low, Medium, High

C. New, Open, Resolved

D. Low, Medium, Critical

Question 12

Is it possible to import external Python libraries such as the time module?

Options:

A. No.

B. No, but this can be changed by setting the proper permissions.

C. Yes, in the global block.

D. Yes, from a drop-down menu.

Question 13

Which of the following is a reason to create a new role in SOAR?

Options:

A. To define a set of users who have access to a special label.

B. To define a set of users who have access to a restricted app.

C. To define a set of users who have access to an event's reports.

D. To define a set of users who have access to a sensitive tag.

Question 14

On a multi-tenant Phantom server, what is the default tenant's ID?

Options:

A. 0

B. Default

C. 1

D. *

Question 15

How can the DECIDED process be restarted?

Options:

A. By restarting the playbook daemon.

B. On the System Health page.

C. In Administration > Server Settings.

D. By restarting the automation service.

Question 16

Which Phantom API command is used to create a custom list?

Options:

A. phantom.add_list()

B. phantom.create_list()

C. phantom.include_list()

D. phantom.new_list()

Question 17

Configuring Phantom search to use an external Splunk server provides which of the following benefits?

Options:

A. The ability to run more complex reports on Phantom activities.

B. The ability to ingest Splunk notable events into Phantom.

C. The ability to automate Splunk searches within Phantom.

D. The ability to display results as Splunk dashboards within Phantom.

Question 18

What do assets provide for app functionality?

Options:

A. Assets provide location, credentials, and other parameters needed to run actions.

B. Assets provide hostnames, passwords, and other artifacts needed to run actions.

C. Assets provide Python code, REST API, and other capabilities needed to run actions.

D. Assets provide firewall, network, and data sources needed to run actions.

Question 19

When is using decision blocks most useful?

Options:

A. When selecting one (or zero) possible paths in the playbook.

B. When processing different data in parallel.

C. When evaluating complex, multi-value results or artifacts.

D. When modifying downstream data in one or more paths in the playbook.

Question 20

When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?

Options:

A. Workbook page Evidence tab.

B. Evidence report.

C. Investigation page Evidence tab.

D. At the bottom of the Investigation page widget panel.

Question 21

Which of the following actions will store a compressed, secure version of an email attachment with suspected malware for future analysis?

Options:

A. Copy/paste the attachment into a note.

B. Add a link to the file in a new artifact.

C. Use the Files tab on the Investigation page to upload the attachment.

D. Use the Upload action of the Secure Store app to store the file in the database.

Question 22

What values can be applied when creating a custom CEF field?

Options:

A. Name

B. Name, Data Type

C. Name, Value

D. Name, Data Type, Severity

Question 23

Which of the following describes the use of labels in Phantom?

Options:

A. Labels determine the service level agreement (SLA) for a container.

B. Labels control the default severity, ownership, and sensitivity for the container.

C. Labels control which apps are allowed to execute actions on the container.

D. Labels determine which playbook(s) are executed when a container is created.

Question 24

Which is the primary system requirement that should be increased with heavy usage of the file vault?

Options:

A. Amount of memory.

B. Number of processors.

C. Amount of storage.

D. Bandwidth of network.

Question 25

Which of the following supported approaches enables Phantom to run on a Windows server?

Options:

A. Install the Phantom RPM in a GNU Cygwin implementation.

B. Run the Phantom OVA as a cloud instance.

C. Install the Phantom RPM file in Windows Subsystem for Linux (WSL).

D. Run the Phantom OVA as a virtual machine.

Question 26

During a second test of a playbook, a user receives an error that states: "an empty parameters list was passed to phantom.act()." What does this indicate?

Options:

A. The container has artifacts, not parameters.

B. The playbook is using an incorrect container.

C. The playbook debugger's scope is set to new.

D. The playbook debugger's scope is set to all.

Question 27

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

Options:

A. Use the py-postgresql module to directly save the data in the Postgres database.

B. Call the child playbook's getter function.

C. Create artifacts using one playbook and collect those artifacts in another playbook.

D. Use the Handle method to pass data directly between playbooks.
