SPLK-2003 exam

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?A . Incorrect Join configuration on the second playbook.B . The first playbook is performing...

What values can be applied when creating Custom CEF field?A . NameB . Name, Data TypeC . Name, ValueD . Name, Data Type, SeverityView AnswerAnswer: B Explanation: Custom CEF fields can be created with a name and a data type. The name must be unique and the data type must...

A user wants to get the playbook results for a single artifact. Which steps will accomplish the?A . Use the contextual menu from the artifact and select run playbook.B . Use the run playbook dialog and set the scope to the artifact.C . Create a new container including Just the...

Which of the following are the steps required to complete a full backup of a Splunk Phantom deployment' Assume the commands are executed from /opt/phantom/bin and that no other backups have been made.A . On the command line enter: rode sudo python ibackup.pyc --setup, then audo phenv python ibackup.pyc --backup.B...

When configuring a Splunk asset for Phantom to connect to a SplunkC loud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possibleA . Enter the two queries in the asset as comma separated values.B . Configure the second query...

Which of the following will show all artifacts that have the term results in a filePath CEF value?A . .../rest/artifact?_filter_cef_filePath_icontain=''results''B . ...rest/artifacts/filePath=''%results%''C . .../result/artifacts/cef/filePath= '%results%''D . .../result/artifact?_query_cef_filepath_icontains=''resultsView AnswerAnswer: A Explanation: The correct answer is A because the _filter parameter is used to filter the results based on a field value,...

Within the 12A2 design methodology, which of the following most accurately describes the last step?A . List of the apps used by the playbook.B . List of the actions of the playbook design.C . List of the outputs of the playbook design.D . List of the data needed to run...

A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?A . Use the py-postgresq1 module to directly save the data in the Postgres database.B . Cal the child playbooks...

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?A . phantom.debug()B . phantom.exception()C . phantom.print ()D . phantom.assert()View AnswerAnswer: A Explanation: The phantom.debug() function is used within Splunk SOAR playbooks to output debug information to the debug window in the Visual...

Configuring Phantom search to use an external Splunk server provides which of the following benefits?A . The ability to run more complex reports on Phantom activities.B . The ability to ingest Splunk notable events into Phantom.C . The ability to automate Splunk searches within Phantom.D . The ability to display...