Splunk SPLK-2003 Exam Questions

Question 6 of 78

An active playbook can be configured to operate on all containers that share which attribute?

Tag

Label

Artifact

Severity

Correct Answer: B

Question 7 of 78

Which visual playbook editor block is used to assemble commands and data into a valid Splunk search within a SOAR playbook?

An action block.

A filter block.

A prompt block.

A format block.

Correct Answer: A

Question 8 of 78

Which of the following contains official SOAR documentation for the latest releases?

Slack and Github.

Splunk Server and docs.splunk.com.

SOAR Server and soar.splunk.com.

SOAR Server and docs.splunk.com.

Correct Answer: D

Question 9 of 78

Two action blocks, geolocate_ip_1 and file_reputation_2, are connected to a decision block. Which of the following is a correct configuration for making a decision on the action results from one of the given blocks?

Select parameter set to: file_reputation_2:action_result.data.*.response_code; evaluation option set to: ==; and the Select Value set to: custom_list:Banned Countries.

Select parameter set to: geolocate_ip_1:action_result.data.*.country_iso_code; evaluation option set to: in; and the Select Value set to: custom_list:Banned Countries.

Select parameter set to: geolocate_ip_1:action_result.cef.*.country_iso_code; evaluation option set to: !=; and the Select Value box left empty.

Select parameter set to: file_reputation_2:action_result.cef.*.response_code; evaluation option set to: in; and the Select Value set to: United States.

Correct Answer: B

The correct configuration involves checking the country code obtained from the geolocate_ip_1 action block against a list of banned countries. Therefore, the Select parameter should be set to geolocate_ip_1:action_result.data.*.country_iso_code, the evaluation option should be set to 'in,' and the Select Value should be set to custom_list:Banned Countries. This configuration accurately assesses whether the IP address falls within a banned country based on the geolocation data.

Question 10 of 78

What is enabled if the Logging option for a playbook' s settings is enabled?

The playbook will write detailed execution information into the spawn.loq.

More detailed information is available in the debug window.

All modifications to the playbook will be written to the audit log.

More detailed logging information is available in the Investigation page.

Correct Answer: D

Enabling the Logging option for a playbook's settings means that more detailed logging information is available in the Investigation page. This aids in thorough inspection and understanding of each step executed, helping in investigating any issues or actions taken by the playbook.