Pass Splunk SPLK-2003 PDF Dumps Recently Updated 60 Questions [Q34-Q56]


NEW QUESTION 34
What values can be applied when creating Custom CEF field?

  • A. Name
  • B. Name, Value
  • C. Name, Data Type, Severity
  • D. Name, Data Type

Answer: C

 

NEW QUESTION 35
A customer wants to design a modular and reusable set of playbooks that all communicate with each other.
Which of the following is a best practice for data sharing across playbooks?

  • A. Create artifacts using one playbook and collect those artifacts in another playbook.
  • B. Call the child playbook's getter function.
  • C. Use the Handle method to pass data directly between playbooks.
  • D. Use the py-postgresql module to directly save the data in the Postgres database.

Answer: D

 

NEW QUESTION 36
Which Phantom VPE block is used to add information to custom lists?

  • A. Action blocks
  • B. Decision blocks
  • C. API blocks
  • D. Filter blocks

Answer: C

 

NEW QUESTION 37
What are the differences between cases and events?

  • A. Cases: potential threats.
    Events: identified as a specific kind of problem and need a structured approach.
  • B. Cases: contain a collection of containers.
    Events: contain potential threats.
  • C. Cases: only include high-level incident artifacts.
    Events: only include low-level incident artifacts.
  • D. Cases: incidents with a known violation and a plan for correction.
    Events: occurrences in the system that may require a response.

Answer: A

 

NEW QUESTION 38
Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?

  • A. Add a tag with restricted access to the restricted playbooks.
  • B. Place restricted playbooks in a second source repository that has restricted access.
  • C. Make sure the Execute Playbook capability is removed from all roles except admin.
  • D. Add a filter block to all restricted playbooks that filters for runRole = "Admin".

Answer: D

 

NEW QUESTION 39
Configuring Phantom search to use an external Splunk server provides which of the following benefits?

  • A. The ability to run more complex reports on Phantom activities.
  • B. The ability to display results as Splunk dashboards within Phantom.
  • C. The ability to ingest Splunk notable events into Phantom.
  • D. The ability to automate Splunk searches within Phantom.

Answer: D

 

NEW QUESTION 40
After enabling multi-tenancy, which of the following is the first configuration step?

  • A. Change the tenant permissions.
  • B. Configure the default tenant.
  • C. Set default tenant base address.
  • D. Select the associated tenant artifacts.

Answer: A

 

NEW QUESTION 41
When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?

  • A. At the bottom of the Investigation page widget panel.
  • B. Investigation page Evidence tab.
  • C. Workbook page Evidence tab.
  • D. Evidence report.

Answer: B

 

NEW QUESTION 42
Which is the primary system requirement that should be increased with heavy usage of the file vault?

  • A. Number of processors.
  • B. Bandwidth of network.
  • C. Amount of storage.
  • D. Amount of memory.

Answer: C

 

NEW QUESTION 43
When is using decision blocks most useful?

  • A. When processing different data in parallel.
  • B. When modifying downstream data in one or more paths in the playbook.
  • C. When selecting one (or zero) possible paths in the playbook.
  • D. When evaluating complex, multi-value results or artifacts.

Answer: C

 

NEW QUESTION 44
What is enabled if the Logging option for a playbook's settings is enabled?

  • A. The playbook will write detailed execution information into the spawn.log.
  • B. All modifications to the playbook will be written to the audit log.
  • C. More detailed logging information is available in the Investigation page.
  • D. More detailed information is available in the debug window.

Answer: A

 

NEW QUESTION 45
Which of the following accurately describes the Files tab on the Investigate page?

  • A. A user can upload the output from a detonate action to the Files tab for further investigation.
  • B. Files tab items and artifacts are the only data sources that can populate active cases.
  • C. Phantom memory requirements remain static, regardless of Files tab usage.
  • D. Files tab items cannot be added to investigations. Instead, add them to action blocks.

Answer: C

 

NEW QUESTION 46
Which of the following can the format block be used for?

  • A. To generate arrays for input into other functions.
  • B. To generate HTML or CSS content for output in email messages, user prompts, or comments.
  • C. To generate string parameters for automated action blocks.
  • D. To create text strings that merge state text with dynamic values for input or output.

Answer: D

 

NEW QUESTION 47
When working with complex datapaths, which operator is used to access a sub-element inside another element?

  • A. : (colon)
  • B. * (asterisk)
  • C. | (pipe)
  • D. . (dot)

Answer: C

 

NEW QUESTION 48
When configuring a Splunk asset for Phantom to connect to a Splunk Cloud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible?

  • A. Enter the two queries in the asset as comma separated values.
  • B. Install a second Splunk app and configure the query in the second app.
  • C. Configure a second Splunk asset with the second query.
  • D. Configure the second query in the Phantom app for Splunk.

Answer: A

 

NEW QUESTION 49
Which of the following is a step when configuring event forwarding from Splunk to Phantom?

  • A. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
  • B. Map CEF to CIM fields.
  • C. Create a saved search that generates the JSON for the new container on Phantom.
  • D. Map CIM to CEF fields.

Answer: B

 

NEW QUESTION 50
What is the default embedded search engine used by Phantom?

  • A. Embedded Django search engine.
  • B. Embedded Splunk search engine.
  • C. Embedded Elastic search engine.
  • D. Embedded Phantom search engine.

Answer: C

 

NEW QUESTION 51
Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

  • A. phantom.exception()
  • B. phantom.assert()
  • C. phantom.debug()
  • D. phantom.print ()

Answer: B

 

NEW QUESTION 52
Which of the following will show all artifacts that have the term results in a filePath CEF value?

  • A. .../result/artifacts/cef/filePath="%results%"
  • B. .../rest/artifact?_filter_cef_filePath_icontain="results"
  • C. .../result/artifact?_query_cef_filepath_icontains="results"
  • D. .../rest/artifacts/filePath="%results%"

Answer: C

 

NEW QUESTION 53
After a successful POST to a Phantom REST endpoint to create a new object what result is returned?

  • A. The new object ID.
  • B. The new object name.
  • C. The PostGres UUID.
  • D. The full CEF name.

Answer: C

 

NEW QUESTION 54
Without customizing container status within Phantom, what are the three types of status for a container?

  • A. Low, Medium, High
  • B. Low, Medium, Critical
  • C. New, Open, Resolved
  • D. New, In Progress, Closed

Answer: D

 

NEW QUESTION 55
After a playbook has run, where are the results stored?

  • A. Splunk Index
  • B. Log file
  • C. Case
  • D. Container

Answer: B

 

NEW QUESTION 56
......
