Guaranteed 100% pass rate with the latest real 2023 GoShiken SPLK-2003 question set PDF
Free Splunk SPLK-2003 exam questions and answers
Question 36
Which of the following is a best practice for use of the global block?
- A. Declare outputs which will be selectable within playbook blocks.
- B. Execute custom code after each run of the playbook.
- C. Import packages which will be used within the playbook.
- D. Execute code at the beginning of each run of the playbook.
Correct answer: D
Question 37
Which app allows a user to run Splunk queries from within Phantom?
- A. Phantom App for Splunk.
- B. The Integrated Splunk/Phantom app.
- C. Splunk App for Phantom Reporting.
- D. Splunk App for Phantom.
Correct answer: D
Question 38
What is the main purpose of using a customized workbook?
- A. Workbooks guide user activity and coordination during event analysis and case operations.
- B. Workbooks automatically implement a customized processing of events using Python code.
- C. Workbooks may not be customized; only default workbooks are permitted within Phantom.
- D. Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the ROI dashboard.
Correct answer: C
Question 39
How does a user determine which app actions are available?
- A. Add an action block to a playbook canvas area.
- B. In the visual playbook editor, click Active and click the Available App Actions dropdown.
- C. From the Apps menu, click the supported actions dropdown for each app.
- D. Search the Apps category in the global search field.
Correct answer: D
Question 40
What is the simplest way to pass data between playbooks?
- A. KV Store
- B. Artifacts
- C. File system
- D. Action results
Correct answer: C
Question 41
Phantom supports multiple user authentication methods such as LDAP and SAML2. What other user authentication method is supported?
- A. PIV/CAC
- B. OpenID
- C. Biometrics
- D. SAML3
Correct answer: D
Question 42
How can an individual asset action be manually started?
- A. With the > asset button in the asset configuration section.
- B. With the > action button in the analyst queue page.
- C. With the > action button in the Investigation page.
- D. By executing a playbook in the Playbooks section.
Correct answer: C
Question 43
During a second test of a playbook, a user receives an error that states: "an empty parameters list was passed to phantom.act()." What does this indicate?
- A. The playbook is using an incorrect container.
- B. The container has artifacts not parameters.
- C. The playbook debugger's scope is set to all.
- D. The playbook debugger's scope is set to new.
Correct answer: B
Question 44
A filter block with only one condition configured which states: artifact.*.cef.sourceAddress != , would permit which of the following data to pass forward to the next block?
- A. Null values
- B. Null IP addresses
- C. Non-null IP addresses
- D. Non-null destinationAddresses
Correct answer: A
Question 45
Which of the following are examples of things commonly done with the Phantom REST API?
- A. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.
- B. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.
- C. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.
- D. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.
Correct answer: A
Question 46
Without customizing container status within Phantom, what are the three types of status for a container?
- A. New, In Progress, Closed
- B. New, Open, Resolved
- C. Low, Medium, High
- D. Low, Medium, Critical
Correct answer: A
Question 47
Severity can be set during ingestion and later changed manually. What other mechanism can change the severity of a container?
- A. Service level agreement (SLA) expiration
- B. Actions
- C. Playbooks
- D. Notes
Correct answer: B
Question 48
Which of the following is a step when configuring event forwarding from Splunk to Phantom?
- A. Create a saved search that generates the JSON for the new container on Phantom.
- B. Map CIM to CEF fields.
- C. Map CEF to CIM fields.
- D. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
Correct answer: C
Question 49
What does a user need to do to have a container with an event from Splunk use context-aware actions designed for notable events?
- A. Include the event_id field in the search results and add a CEF definition to Phantom for event_id, datatype splunk notable event id.
- B. Rename the event_id field from the notable event to splunkNotableEventId.
- C. Include the notable event's event_id field and set the artifacts label to splunk notable event id.
- D. Add a custom field to the container named event_id and set the custom field's data type to splunk notable event id.
Correct answer: D
Question 50
Which of the following can the format block be used for?
- A. To generate arrays for input into other functions.
- B. To generate HTML or CSS content for output in email messages, user prompts, or comments.
- C. To create text strings that merge static text with dynamic values for input or output.
- D. To generate string parameters for automated action blocks.
Correct answer: C
Question 51
After enabling multi-tenancy, which of the following is the first configuration step?
- A. Select the associated tenant artifacts.
- B. Change the tenant permissions.
- C. Set default tenant base address.
- D. Configure the default tenant.
Correct answer: B
Question 52
After a successful POST to a Phantom REST endpoint to create a new object, what result is returned?
- A. The full CEF name.
- B. The new object ID.
- C. The PostGres UUID.
- D. The new object name.
Correct answer: C
Question 53
When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?
- A. At the bottom of the Investigation page widget panel.
- B. Workbook page Evidence tab.
- C. Investigation page Evidence tab.
- D. Evidence report.
Correct answer: C
Question 54
What is the default embedded search engine used by Phantom?
- A. Embedded Splunk search engine.
- B. Embedded Phantom search engine.
- C. Embedded Elastic search engine.
- D. Embedded Django search engine.
Correct answer: C
Question 55
......