- All Exams Instant Download
How can this rule be applied?
Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?A . Add a filter block to al restricted playbooks that Titters for runRole - "Admin''.B . Add a tag with restricted access to the restricted playbooks.C...
Which of the following can be configured in the ROl Settings?
Which of the following can be configured in the ROl Settings?A . Analyst hours per month.B . Time lost.C . Number of full time employees (FTEs).D . Annual analyst salary.View AnswerAnswer: C Explanation: The ROI (Return on Investment) Settings within Splunk SOAR are designed to help organizations assess the value...
Which of the following are examples of things commonly done with the Phantom REST APP
Which of the following are examples of things commonly done with the Phantom REST APPA . Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.B . Use Django queries; use Docker to create a container and add artifacts to it; remove temporary...
An active playbook can be configured to operate on all containers that share which attribute?
An active playbook can be configured to operate on all containers that share which attribute?A . ArtifactB . LabelC . TagD . SeverityView AnswerAnswer: B Explanation: The correct answer is B because an active playbook can be configured to operate on all containers that share a label. A label is...
How can an individual asset action be manually started?
How can an individual asset action be manually started?A . With the > action button in the analyst queue page.B . By executing a playbook in the Playbooks section.C . With the > action button in the Investigation page.D . With the > asset button in the asset configuration section.View...
A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?
A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?A . Null IP addressesB . Non-null IP addressesC . Non-null destinationAddressesD . Null valuesView AnswerAnswer: B Explanation: A filter block with only...
What is enabled if the Logging option for a playbook's settings is enabled?
What is enabled if the Logging option for a playbook's settings is enabled?A . More detailed logging information Is available m the Investigation page.B . All modifications to the playbook will be written to the audit log.C . More detailed information is available in the debug window.D . The playbook...
What other user authentication method is supported?
Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?A . SAML3B . PIV/CACC . BiometricsD . OpenIDView AnswerAnswer: B Explanation: Splunk SOAR supports multiple user authentication methods to ensure secure access to the platform. Apart from LDAP (Lightweight Directory Access Protocol)...
Is it possible to import external Python libraries such as the time module?
Is it possible to import external Python libraries such as the time module?A . No.B . No, but this can be changed by setting the proper permissions.C . Yes, in the global block.D . Yes. from a drop-down menu.View AnswerAnswer: C Explanation: In Splunk SOAR, it is possible to import...
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?
Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?A . superuser, administratorB . phantomcreate. phantomeditC . phantomsearch, phantomdeleteD . admin,userView AnswerAnswer: A Explanation: When configuring Splunk Phantom to integrate with an external Splunk Enterprise instance, it is typically required to have...
