最新的Splunk SPLK-2003免費考試真題

問題1

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?

A. Non-null destinationAddresses

B. Null values

C. Non-null IP addresses

D. Null IP addresses

正確答案: C

說明：（僅 Fast2test 成員可見）

問題2

Playbooks typically handle which types of data?

A. Container data, Artifact data, Result data, Threat data

B. Container data, Artifact CEF data, Result data, List data

C. Container CEF data, Artifact data, Result data, List data

D. Container data, Artifact CEF data, Result data, Threat data

正確答案: B

問題3

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

A. phantom.exception()

B. phantom.debug()

C. phantom.print ()

D. phantom.assert()

正確答案: B

說明：（僅 Fast2test 成員可見）

問題4

Which of the following is a reason to create a new role in SOAR?

A. To define a set of users who have access to an event's reports.

B. To define a set of users who have access to a restricted app.

C. To define a set of users who have access to a special label.

D. To define a set of users who have access to a sensitive tag.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題5

When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.
How is it possible to enter the unlisted artifact value?

A. Edit the artifact to enable the List as Parameter option for the CEF value.

B. Edit the container to allow CEF parameters.

C. Delete and recreate the artifact.

D. Type the CEF datapath in manually.

正確答案: D

說明：（僅 Fast2test 成員可見）

問題6

Without customizing container status within Phantom, what are the three types of status for a container?

A. Low, Medium, Critical

B. Low, Medium, High

C. New, In Progress, Closed

D. Mew, Open, Resolved

正確答案: C

說明：（僅 Fast2test 成員可見）

問題7

Which set of steps will show the most detailed information for action results on the Investigation page?

A. Clicking the arrow next to the action within the recent activities pane.

B. Viewing the action widget within the main display area.

C. Clicking on the action within the recent activity pane.

D. Viewing the evidence tab within the main display area.

正確答案: A

問題8

During a second test of a playbook, a user receives an error that states: "an empty parameters list was passed to phantom.act()." What does this indicate?

A. The container has artifacts not parameters.

B. The playbook is using an incorrect container.

C. The playbook debugger's scope is set to new.

D. The playbook debugger's scope is set to all.

正確答案: A

說明：（僅 Fast2test 成員可見）

問題9

How is a Django filter query performed?

A. phantom/rest/search/app/contains/"sumo"

B. Install the SOAR Django App first, then configure the search query in the App editor.

C. Browse to the Django Filter Query Editor in the Administration panel.

D. By adding parameters to the URL similar to the following:
phantom/rest/container?_filter_tags_contains="sumo".

正確答案: D

說明：（僅 Fast2test 成員可見）

最新的Splunk Phantom Certified Admin - SPLK-2003免費考試真題

聯系我們

站內鏈接

最新更新