Free SPLK-2003 Exam Braindumps (page: 2)

Page 2 of 15

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

  A. Map CIM to CEF fields.
  B. Create a Splunk alert that uses the event_forward.py script to send events to Phantom.
  C. Map CEF to CIM fields.
  D. Create a saved search that generates the JSON for the new container on Phantom.

Answer(s): C



A customer wants to design a modular and reusable set of playbooks that all communicate with each other. Which of the following is a best practice for data sharing across playbooks?

  A. Use the py-postgresql module to directly save the data in the Postgres database.
  B. Call the child playbook's getter function.
  C. Create artifacts using one playbook and collect those artifacts in another playbook.
  D. Use the Handle method to pass data directly between playbooks.

Answer(s): A



When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?

  A. Workbook page Evidence tab.
  B. Evidence report.
  C. Investigation page Evidence tab.
  D. At the bottom of the Investigation page widget panel.

Answer(s): C



What values can be applied when creating a Custom CEF field?

  A. Name
  B. Name, Data Type
  C. Name, Value
  D. Name, Data Type, Severity

Answer(s): D





Post your Comments and Discuss Splunk® SPLK-2003 exam with other Community members:

Frank commented on August 19, 2024
Nice for prepping but it is not complete. In order to get the complete version you need to purchase the full PDF version.
UNITED STATES

jh commented on August 14, 2023
Not bad, but it still uses Phantom as a description; it's Splunk SOAR now.
AUSTRALIA