A.  

Set action_result.summary. status to required.

B.  

Set the user prompt to reinvoke if it times out.

C.  

Set action_result. summary. response to required.

D.  

Add a decision Mode

A.  

Use the py-postgresq1 module to directly save the data in the Postgres database.

B.  

Cal the child playbooks getter function.

C.  

Create artifacts using one playbook and collect those artifacts in another playbook.

D.  

Use the Handle method to pass data directly between playbooks.

A.  

Assets provide location, credentials, and other parameters needed to run actions.

B.  

Assets provide hostnames, passwords, and other artifacts needed to run actions.

C.  

Assets provide Python code, REST API, and other capabilities needed to run actions.

D.  

Assets provide firewall, network, and data sources needed to run actions.

A.  

GitHub and Splunkbase.

B.  

SOAR Community and GitHub.

C.  

Splunkbase and SOAR Community.

D.  

Splunk Answers and Splunkbase.

A.  

With the > action button in the analyst queue page.

B.  

By executing a playbook in the Playbooks section.

C.  

With the > action button in the Investigation page.

D.  

With the > asset button in the asset configuration section.

A.  

Non-Human

B.  

Automation

C.  

Automation Engineer

D.  

Service Account

A.  

phantom.debug()

B.  

phantom.exception()

C.  

phantom.print ()

D.  

phantom.assert()

A.  

Prompt and decision blocks.

B.  

Decision and action blocks.

C.  

Filter and decision blocks.

D.  

Filter and prompt blocks.

A.  

The container has artifacts not parameters.

B.  

The playbook is using an incorrect container.

C.  

The playbook debugger's scope is set to new.

D.  

The playbook debugger's scope is set to all.

A.  

SAML3

B.  

PIV/CAC

C.  

Biometrics

D.  

OpenID

A.  

Event Name and Artifact Names.

B.  

Event Name, Notes, Comments.

C.  

Event Name or ID.

A.  

Amount of memory.

B.  

Number of processors.

C.  

Amount of storage.

D.  

Bandwidth of network.

A.  

By restarting the playbook daemon.

B.  

On the System Health page.

C.  

In Administration > Server Settings.

D.  

By restarting the automation service.

A.  

Synchronous execution has not been configured.

B.  

The first playbook is performing poorly.

C.  

The sleep option for the second playbook is not set to a long enough interval.

D.  

Incorrect join configuration on the second playbook.

A.  

Child playbooks can access parent playbook data while the parent Is still running.

B.  

By setting scope to ALL when starting the child.

C.  

When configuring the playbook block in the parent, add the desired results in the Scope parameter.

D.  

The parent can create an artifact with the data needed by the did.

A.  

New, In Progress, Closed

B.  

Low, Medium, High

C.  

Mew, Open, Resolved

D.  

Low, Medium, Critical

A.  

The end block.

B.  

The start block.

C.  

The filter block.

D.  

The next block.

A.  

Name

B.  

Name, Data Type

C.  

Name, Value

D.  

Name, Data Type, Severity

A.  

Add a filter block to al restricted playbooks that Titters for runRole - "Admin''.

B.  

Add a tag with restricted access to the restricted playbooks.

C.  

Make sure the Execute Playbook capability is removed from al roles except admin.

D.  

Place restricted playbooks in a second source repository that has restricted access.

A.  

Any user in a role with write access to the case's workbook can be assigned to tasks.

B.  

Add the required users to the authorized list for the container.

C.  

Any user with a role that has Perform Task enabled can execute tasks for workbooks.

D.  

The container owner can assign any authorized user to any task in a workbook.

A.  

0

B.  

Default

C.  

1

D.  

*

A.  

Action blocks

B.  

Filter blocks

C.  

API blocks

D.  

Decision blocks

A.  

phantom.new_artifact ()

B.  

phantom. update ()

C.  

phantom.create_artifact ()

D.  

phantom.add_artifact ()

A.  

INFO

B.  

WARN

C.  

ERROR

D.  

DEBUG

A.  

Null IP addresses

B.  

Non-null IP addresses

C.  

Non-null destinationAddresses

D.  

Null values

A.  

Make sure the Execute Playbook capability is removed from all roles except admin.

B.  

Place restricted playbooks in a second source repository that has restricted access.

C.  

Add a filter block to all restricted playbooks that filters for runRole = "Admin".

D.  

Add a tag with restricted access to the restricted playbooks.

A.  

Labels determine the service level agreement (SLA) for a container.

B.  

Labels control the default seventy, ownership, and sensitivity for the container.

C.  

Labels control which apps are allowed to execute actions on the container.

D.  

Labels determine which playbook(s) are executed when a container is created.