SPLK-2003 Online Practice Questions and Answers

Question 4

What metrics can be seen from the System Health Display? (select all that apply)

A. Playbook Usage

B. Memory Usage

C. Disk Usage

D. Load Average

Question 5

Which of the following is the complete list of the types of backups that are supported by Phantom?

A. Full backups.

B. Full, delta, and incremental backups.

C. Full and incremental backups.

D. Full and delta backups.

Question 6

Which app allows a user to run Splunk queries from within Phantom?

A. Splunk App for Phantom.

B. The Integrated Splunk/Phantom app.

C. Phantom App for Splunk.

D. Splunk App for Phantom Reporting.

Question 7

Which of the following is an asset ingestion setting in SOAR?

A. Polling Interval

B. Tag

C. File format

D. Operating system

Question 8

Where in SOAR can a user view the JSON data for a container?

A. In the analyst queue.

B. On the Investigation page.

C. In the data ingestion display.

D. In the audit log.

Question 9

Which of the following can be done with the System Health Display?

A. Create a temporary, edited version of a process and test the results.

B. Partially rewind processes, which is useful for debugging.

C. View a single column of status for SOAR processes. For metrics, click Details.

D. Reset DECIDED to reset playbook environments back to at-start conditions.

Question 10

What are the differences between cases and events?

A. Cases: potential threats. Events: identified as a specific kind of problem and need a structured approach.

B. Cases: only include high-level incident artifacts. Events: only include low-level incident artifacts.

C. Cases: contain a collection of containers. Events: contain potential threats.

D. Cases: incidents with a known violation and a plan for correction. Events: occurrences in the system that may require a response.

Question 11

Which of the following are the default ports that must be configured on Splunk to allow connections from SOAR?

A. SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)

B. SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), HTTP Collector (8088)

D. SplunkWeb (8469), SplunkD (8702), HTTP Collector (8864)

Exam Code: SPLK-2003
Exam Name: Splunk SOAR Certified Automation Developer
Last Update: Mar 13, 2025
Questions: 96 Q&As