SPLK-2003 Splunk Phantom Certified Admin

Showing 4–6 of 10 questions

Question 4

Which of the following is a step when configuring event forwarding from Splunk to Phantom?

  • Map CIM to CEF fields.

  • Create a Splunk alert that uses the event_forward.py script to send events to Phantom.

  • Map CEF to CIM fields.

  • Create a saved search that generates the JSON for the new container on Phantom.

Question 5

When working with complex datapaths, which operator is used to access a sub-element inside another element?

  • | (pipe)

  • * (asterisk)

  • : (colon)

  • . (dot)

Question 6

Within the I2A2 design methodology, which of the following most accurately describes the last step?

  • List of the apps used by the playbook.

  • List of the actions of the playbook design.

  • List of the outputs of the playbook design.

  • List of the data needed to run the playbook.