Splunk SPLK-2003 Exam Practice Test Instant Access

Question 1

A user wants to use their Splunk Cloud instance as the external Splunk instance for Phantom. What ports need to be opened on the Splunk Cloud instance to facilitate this? Assume default ports are in use.

ATCP 8088 and TCP 8099.

BTCP 80 and TCP 443.

CSplunk Cloud is not supported.

DTCP 8080 and TCP 8191.

Answer : D

Question 2

Which of the following supported approaches enables Phantom to run on a Windows server?

AInstall the Phantom RPM in a GNU Cygwin implementation.

BRun the Phantom OVA as a cloud instance.

CInstall the Phantom RPM file in Windows Subsystem for Linux (WSL).

DRun the Phantom OVA as a virtual machine.

Answer : B

Question 3

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

Aphantom.debug()

Bphantom.exception()

Cphantom.print ()

Dphantom.assert()

Answer : D

Question 4

Which of the following will show all artifacts that have the term results in a filePath CEF value?

A.../rest/artifact?_filter_cef_filePath_icontain=''results''

B...rest/artifacts/filePath=''%results%''

C.../result/artifacts/cef/filePath= '%results%''

D.../result/artifact?_query_cef_filepath_icontains=''results

Answer : D

Question 5

A filter block with only one condition configured which states: artifact.*.cef .sourceAddress !- , would permit which of the following data to pass forward to the next block?

ANull IP addresses

BNon-null IP addresses

CNon-null destinationAddresses

DNull values

Answer : D

Question 6

What is the default embedded search engine used by Phantom?

AEmbedded Splunk search engine.

BEmbedded Phantom search engine.

CEmbedded Elastic search engine.

DEmbedded Django search engine.

Answer : C

Question 7

How can an individual asset action be manually started?

AWith the > action button in the analyst queue page.

BBy executing a playbook in the Playbooks section.

CWith the > action button in the Investigation page.

DWith the > asset button in the asset configuration section.

Answer : C

Splunk SPLK-2003 Splunk SOAR Certified Automation Developer Exam Practice Test