Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-2003

Free SPLK-2003 Exam Braindumps (page: 3)

Page 2 of 15
PDF with 110 Questions

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

  1. Map CIM to CEF fields.
  2. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
  3. Map CEF to CIM fields.
  4. Create a saved search that generates the JSON for the new container on Phantom.

Answer(s): C



A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

  1. Use the py-postgresq1 module to directly save the data in the Postgres database.
  2. Cal the child playbooks getter function.
  3. Create artifacts using one playbook and collect those artifacts in another playbook.
  4. Use the Handle method to pass data directly between playbooks.

Answer(s): A



When analyzing events a working on a case, significant items can be marked as evidence. Where can ail of a case's evidence items be viewed together?

  1. Workbook page Evidence tab.
  2. Evidence report.
  3. Investigation page Evidence tab.
  4. At the bottom of the Investigation page widget panel.

Answer(s): C



What values can be applied when creating Custom CEF field?

  1. Name
  2. Name, Data Type
  3. Name, Value
  4. Name, Data Type, Severity

Answer(s): D






Post your Comments and Discuss Splunk® SPLK-2003 exam with other Community members:

Exam Discussions & Posts