What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?

A. Include the notable event's event_id field and set the artifact's label to splunk notable event id.
B. Rename the event_id field from the notable event to...

April 23, 2025

After enabling multi-tenancy, which of the following is the first configuration step?

A. Select the associated tenant artifacts.
B. Change the tenant permissions.
C. Set default tenant base address.
D. Configure the default tenant.
Answer: D
Explanation: Upon enabling multi-tenancy in Splunk SOAR, the first step in configuration typically involves...

April 22, 2025

Which of the following can the format block be used for?

A. To generate arrays for input into other functions.
B. To generate HTML or CSS content for output in email messages, user prompts, or comments.
C. To generate string parameters for automated action blocks.
D. To create text strings...

April 20, 2025

Which app allows a user to send Splunk Enterprise Security notable events to Phantom?

A. Any of the integrated Splunk/Phantom Apps
B. Splunk App for Phantom Reporting.
C. Splunk App for Phantom.
D. Phantom App for Splunk.
Answer: C
Explanation: The Splunk App for Phantom is designed to facilitate the...

April 16, 2025

What is the default embedded search engine used by Phantom?

A. Embedded Splunk search engine.
B. Embedded Phantom search engine.
C. Embedded Elastic search engine.
D. Embedded Django search engine.
Answer: A
Explanation: The default embedded search engine used by Splunk SOAR (formerly known as Phantom) is the embedded Splunk...

April 10, 2025

Which is the primary system requirement that should be increased with heavy usage of the file vault?

A. Amount of memory.
B. Number of processors.
C. Amount of storage.
D. Bandwidth of network.
Answer: C
Explanation: The primary system requirement that should be increased with heavy usage of the file...

April 10, 2025

Without customizing container status within Phantom, what are the three types of status for a container?

A. New, In Progress, Closed
B. Low, Medium, High
C. New, Open, Resolved
D. Low, Medium, Critical
Answer: A
Explanation: Within Splunk SOAR, containers (which represent incidents, cases, or events) have a lifecycle that...

March 29, 2025

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

A. Map CIM to CEF fields.
B. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
C. Map CEF to CIM fields.
D. Create a saved search that generates the...

March 28, 2025

What is the main purpose of using a customized workbook?

A. Workbooks automatically implement a customized processing of events using Python code.
B. Workbooks guide user activity and coordination during event analysis and case operations.
C. Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the...

March 26, 2025

What are indicators?

A. Action result items that determine the flow of execution in a playbook.
B. Action results that may appear in multiple containers.
C. Artifact values that can appear in multiple containers.
D. Artifact values with special security significance.
Answer: C
Explanation: Indicators in Splunk SOAR (formerly Phantom)...

March 15, 2025