What metrics can be seen from the System Health Display? (select all that apply)
A. Playbook Usage
B. Memory Usage
C. Disk Usage
D. Load Average
Which of the following is the complete list of the types of backups that are supported by Phantom?
A. Full backups.
B. Full, delta, and incremental backups.
C. Full and incremental backups.
D. Full and delta backups.
Which app allows a user to run Splunk queries from within Phantom?
A. Splunk App for Phantom?
B. The Integrated Splunk/Phantom app.
C. Phantom App for Splunk.
D. Splunk App for Phantom Reporting.
Which of the following is an asset ingestion setting in SOAR?
A. Polling Interval
B. Tag
C. File format
D. Operating system
Where in SOAR can a user view the JSON data for a container?
A. In the analyst queue.
B. On the Investigation page.
C. In the data ingestion display.
D. In the audit log.
Which of the following can be done with the System Health Display?
A. Create a temporary, edited version of a process and test the results.
B. Partially rewind processes, which is useful for debugging.
C. View a single column of status for SOAR processes. For metrics, click Details.
D. Reset DECIDED to reset playbook environments back to at-start conditions.
What are the differences between cases and events?
A. Case: potential threats. Events: identified as a specific kind of problem and need a structured approach.
B. Cases: only include high-level incident artifacts. Events: only include low-level incident artifacts.
C. Cases: contain a collection of containers. Events: contain potential threats.
D. Cases: incidents with a known violation and a plan for correction. Events: occurrences in the system that may require a response.
Which of the following are the default ports that must be configured on Splunk to allow connections from SOAR?
A. SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)
B. SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)
C. SplunkWeb (8000), SplunkD (8089), HTTP Collector (8088)
D. SplunkWeb (8469), SplunkD (8702), HTTP Collector (8864)