최신 SPLK-2003 무료덤프 - Splunk Phantom Certified Admin

문제1

Without customizing container status within SOAR, what are the three types of status for a container?

A. Low, Medium, High

B. New, In Progress, Closed

C. New, Open, Resolved

D. Low, Medium, Critical

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Which of the following queries would return all artifacts that contain a SHA1 file hash?

A. https://<PHANTOM_URL>/rest/artifact?_filter_cef_md5_insull=false

B. https://<PHANTOM_URL>/rest/artifact?_filter_shal__insull=False

C. https://<PHANTOM_URL>/rest/artifact?_filter_cef_Shal_contains=""

D. https://<PHANTOM_URL>/rest/artifact?_filter_cef_shal_insull=False

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제3

What is the main purpose of using a customized workbook?

A. Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the ROI dashboard.

B. Workbooks guide user activity and coordination during event analysis and case operations.

C. Workbooks may not be customized; only default workbooks are permitted within Phantom.

D. Workbooks automatically implement a customized processing of events using Python code.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?

A. PIV/CAC

B. OpenID

C. SAML3

D. Biometrics

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제5

When analyzing events, a working on a case, significant items can be marked as evidence. Where can ail of a case's evidence items be viewed together?

A. Evidence report.

B. Workbook page Evidence tab.

C. Investigation page Evidence tab.

D. At the bottom of the Investigation page widget panel.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?

A. Create a new container including Just the artifact in question.

B. Use the run playbook dialog and set the scope to the artifact.

C. Use the contextual menu from the artifact and select the actions.

D. Use the contextual menu from the artifact and select run playbook.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Which Phantom API command is used to create a custom list?

A. phantom.new_list()

B. phantom.add_list()

C. phantom.create_list()

D. phantom.include_list()

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Configuring SOAR search to use an external Splunk server provides which of the following benefits?

A. The ability to automate Splunk searches within SOAR.

B. The ability to ingest Splunk notable events into SOAR.

C. The ability to run more complex reports on SOAR activities.

D. The ability to display results as Splunk dashboards within SOAR.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

Which of the following applies to filter blocks?

A. Can select assets by tenant, approver, or app.

B. Can select containers by seventy or status.

C. Can select which blocks have access to container data.

D. Can be used to select data for use by other blocks.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제10

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

A. phantom.print ()

B. phantom.assert()

C. phantom.debug()

D. phantom.exception()

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 SPLK-2003 무료덤프 - Splunk Phantom Certified Admin

우리와 연락하기

유용한 링크

최신 업데이트