If two or more conditions apply to data in a filter block, which path is followed in the playbook?
A. Only the last matching condition will activate its path.
B. All matching paths will be followed, but the first path to reach the end block will terminate the playbook.
C. All paths with matching conditions are followed in parallel.
D. Only the first matching condition will activate its path.
Correct answer: C
Question 2:
In the SOAR main menu, there are sub-options below Sources. What is the purpose of these options?
A. They filter the container list based on default or user-saved filters.
B. They permit analysts to select the app that is polled to create the containers.
C. They permit analysts to select cases related to an investigation.
D. They are only available for admins and would never be used by an analyst.
Correct answer: A
Question 3:
If no data matches any filter conditions, what is the next block run by the playbook?
A. The next block.
B. The end block.
C. The start block.
D. The filter block.
Correct answer: A
Question 4:
When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.
How is it possible to enter the unlisted artifact value?
A. Edit the container to allow CEF parameters.
B. Delete and recreate the artifact.
C. Edit the artifact to enable the List as Parameter option for the CEF value.
D. Type the CEF datapath in manually.
Correct answer: D
Question 5:
Some of the playbooks on the Phantom server should only be executed by members of the admin role. How can this rule be applied?
A. Make sure the Execute Playbook capability is removed from all roles except admin.
B. Add a filter block to all restricted playbooks that filters for runRole = "Admin".
C. Add a tag with restricted access to the restricted playbooks.
D. Place restricted playbooks in a second source repository that has restricted access.
Correct answer: A
Question 6:
Which of the following can be edited or deleted in the Investigation page?
A. Artifact values
B. Action results
C. Approval records
D. Comments
Correct answer: D
Question 7:
Which of the following queries would return all failed playbook runs from the REST API?
A. https://<PHANTOM_URL>/rest/playbook_run?_query_status="failed"
B. https://<PHANTOM_URL>/rest/playbook_run?_filter_status "failed"
C. https://<PHANTOM_URL>/rest/playbook_run?_filter_status failed
D. https://<PHANTOM_URL>/rest/playbook_run?_search_status=failed
Correct answer: A
Question 8:
When configuring a Splunk asset for Phantom to connect to a Splunk Cloud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible?
A. Configure a second Splunk asset with the second query.
B. Install a second Splunk app and configure the query in the second app.
C. Enter the two queries in the asset as comma separated values.
D. Configure the second query in the Phantom app for Splunk.
Correct answer: A
岛崎** -
Very good value for money. A solid SPLK-2003 text that explains everything carefully from the basics.