최신 SPLK-2003 무료덤프 - Splunk Phantom Certified Admin

문제1

A new project requires event data from SOAR to be sent to an external system via REST. All events with the label notable that are in new status should be sent. Which of the following REST Django expressions will select the correct events?

A.

B.

C.

D.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제2

The SOAR server has been configured to use an external Splunk search head for search and searching on SOAR works; however, the search results don't include content that was being returned by search before configuring external search. Which of the following could be the problem?

A. The remote Splunk search head is currently offline.

B. The user configured on the SOAR side with Phantomsearch capability is not enabled on Splunk.

C. Content that existed before configuring external search must be backed up on SOAR and restored on the Splunk search head.

D. The existing content indexes on the SOAR server need to be re-indexed to migrate them to Splunk.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Which of the following queries would return all artifacts that contain a SHA1 file hash?

A. https://<PHANTOM_URL>/rest/artifact?_filter_cef_md5_insull=false

B. https://<PHANTOM_URL>/rest/artifact?_filter_shal__insull=False

C. https://<PHANTOM_URL>/rest/artifact?_filter_cef_Shal_contains=""

D. https://<PHANTOM_URL>/rest/artifact?_filter_cef_shal_insull=False

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

A. phantom.print ()

B. phantom.assert()

C. phantom.debug()

D. phantom.exception()

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

How can a user with the username "pat" configure the Analyst Queue to only show new events that are assigned to the current user?

A. Create a filter for status=new or owner=pat.

B. Create a filter for status-open and owner-pat.

C. Create a filter for label-new and owner-pat.

D. Create a filter for status=new and owner=pat.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제6

What are indicators?

A. Action results that may appear in multiple containers.

B. Action result items that determine the flow of execution in a playbook.

C. Artifact values with special security significance.

D. Artifact values that can appear in multiple containers.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Which of the following is an advantage of using the Visual Playbook Editor?

A. Eliminates any need to use Python code.

B. The Visual Playbook Editor is the only way to generate user prompts.

C. Supports Python or Javascript.

D. Easier playbook maintenance.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

A. Splunk App for Phantom.

B. Phantom App for Splunk.

C. Splunk App for Phantom Reporting.

D. Any of the integrated Splunk/Phantom Apps

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

Which of the following is true about a child playbook?

A. The child playbook does not have access to the parent playbook's container, but to the parent's action result data.

B. The child playbook has access to the parent playbook's container and the parent's action result data.

C. The child playbook does not have access to the parent playbook's container or action result data.

D. The child playbook has access to the parent playbook's container, but not to the parent's action result data.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제10

After a successful POST to a Phantom REST endpoint to create a new object what result is returned?

A. The full CEF name.

B. The new object name.

C. The PostGres UUID.

D. The new object ID.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

최신 SPLK-2003 무료덤프 - Splunk Phantom Certified Admin

우리와 연락하기

유용한 링크

최신 업데이트