Splunk SOAR Certified Automation Developer v1.0

Page:    1 / 6   
Exam contains 78 questions

Which of the following roles is appropriate for a Splunk SOAR account that will only be used to execute automated tasks?

  • A. Service Account
  • B. Automation Engineer
  • C. Non-Human
  • D. Automation


Answer : A

If two or more conditions apply to data in a filter block, which path is followed in the playbook?

  • A. All paths with matching conditions are followed in parallel.
  • B. Only the last matching condition will activate its path.
  • C. All matching paths will be followed, but the first path to reach the end block will terminate the playbook.
  • D. Only the first matching condition will activate its path.


Answer : A

If the SOAR New status is removed and replaced by In Progress, what status is shown for containers that had the new status before the replacement?

  • A. In Progress
  • B. New
  • C. In Progress
  • D. New


Answer : A

A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?

  • A. The first playbook is performing poorly.
  • B. The sleep option for the second playbook is not set to a long enough interval.
  • C. Incorrect join configuration on the second playbook.
  • D. Synchronous execution has not been configured.


Answer : D

Which of the following is a step when configuring event forwarding from Splunk to SOAR?

  • A. Create a saved search that generates the JSON for the new container on SOAR.
  • B. Map CIM to CEF fields.
  • C. Map CEF to CIM fields.
  • D. Create a Splunk alert that uses the event_forward.py script to send events to SOAR.


Answer : A

On the Splunk search head, when configuring the app to search SOAR searchable content, what are the two requirements to complete the app setup?

  • A. User accounts and REST API.
  • B. User accounts and syslog.
  • C. User accounts and an HTTP Event Collector token.
  • D. User accounts and universal forwarder.


Answer : A

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

  • A. phantom.assert()
  • B. phantom.print()
  • C. phantom.exception()
  • D. phantom.debug()


Answer : D

What metrics can be seen from the System Health Display? (Choose all that apply.)

  • A. Playbook Usage
  • B. Disk Usage
  • C. Load Average
  • D. Memory Usage


Answer : BCD

What primary integrations does Splunk SOAR provide for Role administration? (Choose all that apply.)

  • A. LDAP
  • B. SAML
  • C. Local Authentication
  • D. OpenID


Answer : AB

Which of the following cannot be marked as evidence in a container?

  • A. Action result
  • B. Comment
  • C. Note
  • D. Artifact


Answer : B

What is the primary objective of using the I2A2 playbook design methodology?

  • A. To create simple, reusable, modular playbooks.
  • B. To meet customer requirements using a single playbook.
  • C. To create detailed playbooks.
  • D. To create playbooks that customers will not edit.


Answer : A

Which set of steps will show the most detailed information for action results on the Investigation page?

  • A. Viewing the evidence tab within the main display area.
  • B. Viewing the action widget within the main display area.
  • C. Clicking on the action within the recent activity pane.
  • D. Clicking the arrow next to the action within the recent activities pane.


Answer : D

Which of the following applies to filter blocks?

  • A. Can select containers by severity or status.
  • B. Can select assets by tenant, approver, or app.
  • C. Can select which blocks have access to container data.
  • D. Can be used to select data for use by other blocks.


Answer : D

What users are included in a new installation of SOAR?

  • A. The admin and automation users are included by default.
  • B. The admin, power, and user users are included by default.
  • C. No users are included by default.
  • D. Only the admin user is included by default.


Answer : A

In the SOAR main menu, there are sub-options below Sources. What is the purpose of these options?

  • A. They permit analysts to select the app that is polled to create the containers.
  • B. They filter the container list based on default or user-saved filters.
  • C. They are only available for admins and would never be used by an analyst.
  • D. They permit analysts to select cases related to an investigation.


Answer : B

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926