ExamsBrite Dumps

Splunk SOAR Certified Automation Developer Exam Question and Answers

Last Update Oct 15, 2025
Total Questions : 110

Question 1

What is the simplest way to pass data between playbooks?

Options:

A. Action results

B. File system

C. Artifacts

D. KV Store

Question 2

Which of the following are the default ports that must be configured on Splunk to allow connections from SOAR?

Options:

A. SplunkWeb (8088), SplunkD (8089), HTTP Collector (8000)

B. SplunkWeb (8089), SplunkD (8088), HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), HTTP Collector (8088)

D. SplunkWeb (8469), SplunkD (8702), HTTP Collector (8864)

Question 3

How can the DECIDED process be restarted?

Options:

A. By restarting the playbook daemon.

B. On the System Health page.

C. In Administration > Server Settings.

D. By restarting the automation service.

Question 4

During a second test of a playbook, a user receives an error that states: 'an empty parameters list was passed to phantom.act().' What does this indicate?

Options:

A. The container has artifacts not parameters.

B. The playbook is using an incorrect container.

C. The playbook debugger's scope is set to new.

D. The playbook debugger's scope is set to all.

Question 5

Which of the following expressions will output debug information to the debug window in the Visual Playbook Editor?

Options:

A. phantom.debug()

B. phantom.exception()

C. phantom.print()

D. phantom.assert()

Question 6

Which of the following can be edited or deleted in the Investigation page?

Options:

A. Action results

B. Comments

C. Approval records

D. Artifact values

Question 7

Which of the following supported approaches enables Phantom to run on a Windows server?

Options:

A. Install the Phantom RPM in a GNU Cygwin implementation.

B. Run the Phantom OVA as a cloud instance.

C. Install the Phantom RPM file in Windows Subsystem for Linux (WSL).

D. Run the Phantom OVA as a virtual machine.

Question 8

What are indicators?

Options:

A. Action result items that determine the flow of execution in a playbook.

B. Action results that may appear in multiple containers.

C. Artifact values that can appear in multiple containers.

D. Artifact values with special security significance.

Question 9

Is it possible to import external Python libraries such as the time module?

Options:

A. No.

B. No, but this can be changed by setting the proper permissions.

C. Yes, in the global block.

D. Yes, from a drop-down menu.

Question 10

Which of the following are tabs of an asset configuration?

Options:

A. Asset Name, Asset IP, Asset URL, Asset Nickname

B. Tags, Asset Name, Asset Date, Asset Order

C. App Name, App Order, App Expiry, App Version

D. Asset Info, Asset Settings, Approval Settings, Access Control

Question 11

How can more than one user perform tasks in a workbook?

Options:

A. Any user in a role with write access to the case's workbook can be assigned to tasks.

B. Add the required users to the authorized list for the container.

C. Any user with a role that has Perform Task enabled can execute tasks for workbooks.

D. The container owner can assign any authorized user to any task in a workbook.

Question 12

Which is the primary system requirement that should be increased with heavy usage of the file vault?

Options:

A. Amount of memory.

B. Number of processors.

C. Amount of storage.

D. Bandwidth of network.

Question 13

After a playbook has run, where are the results stored?

Options:

A. Splunk Index

B. Case

C. Container

D. Log file

Question 14

Severity can be set during ingestion and later changed manually. What other mechanism can change the severity of a container?

Options:

A. Notes

B. Actions

C. Service level agreement (SLA) expiration

D. Playbooks

Question 15

When assigning an input parameter to an action while building a playbook, a user notices the artifact value they are looking for does not appear in the auto-populated list.

How is it possible to enter the unlisted artifact value?

Options:

A. Type the CEF datapath in manually.

B. Delete and recreate the artifact.

C. Edit the artifact to enable the List as Parameter option for the CEF value.

D. Edit the container to allow CEF parameters.

Question 16

Which of the following is an asset ingestion setting in SOAR?

Options:

A. Polling Interval

B. Tag

C. File format

D. Operating system

Question 17

Which two playbook blocks can discern which path in the playbook to take next?

Options:

A. Prompt and decision blocks.

B. Decision and action blocks.

C. Filter and decision blocks.

D. Filter and prompt blocks.

Question 18

Which of the following can be done with the System Health Display?

Options:

A. Create a temporary, edited version of a process and test the results.

B. Partially rewind processes, which is useful for debugging.

C. View a single column of status for SOAR processes. For metrics, click Details.

D. Reset DECIDED to reset playbook environments back to at-start conditions.

Question 19

How can a child playbook access the parent playbook's action results?

Options:

A. Child playbooks can access parent playbook data while the parent is still running.

B. By setting scope to ALL when starting the child.

C. When configuring the playbook block in the parent, add the desired results in the Scope parameter.

D. The parent can create an artifact with the data needed by the child.

Question 20

How is it possible to evaluate user prompt results?

Options:

A. Set action_result.summary.status to required.

B. Set the user prompt to reinvoke if it times out.

C. Set action_result.summary.response to required.

D. Add a decision block.

Question 21

When configuring a Splunk asset for SOAR to connect to a Splunk Cloud instance, the user discovers that they need to be able to run two different on_poll searches. How is this possible?

Options:

A. Install a second Splunk app and configure the query in the second app.

B. Configure the second query in the Splunk App for SOAR Export.

C. Enter the two queries in the asset as comma separated values.

D. Configure a second Splunk asset with the second query.

Question 22

Which of the following are examples of things commonly done with the Phantom REST API?

Options:

A. Use Django queries; use curl to create a container and add artifacts to it; remove temporary lists.

B. Use Django queries; use Docker to create a container and add artifacts to it; remove temporary lists.

C. Use Django queries; use curl to create a container and add artifacts to it; add action blocks.

D. Use SQL queries; use curl to create a container and add artifacts to it; remove temporary lists.

Question 23

In addition to full backups, Phantom supports what other backup type using backup?

Options:

A. Snapshot

B. Incremental

C. Partial

D. Differential

Question 24

Which visual playbook editor block is used to assemble commands and data into a valid Splunk search within a SOAR playbook?

Options:

A. An action block.

B. A filter block.

C. A format block.

D. A prompt block.

Question 25

What is the main purpose of using a customized workbook?

Options:

A. Workbooks automatically implement a customized processing of events using Python code.

B. Workbooks guide user activity and coordination during event analysis and case operations.

C. Workbooks apply service level agreements (SLAs) to containers and monitor completion status on the ROI dashboard.

D. Workbooks may not be customized; only default workbooks are permitted within Phantom.

Question 26

When analyzing events or working on a case, significant items can be marked as evidence. Where can all of a case's evidence items be viewed together?

Options:

A. Workbook page Evidence tab.

B. Evidence report.

C. Investigation page Evidence tab.

D. At the bottom of the Investigation page widget panel.

Question 27

A user wants to use their Splunk Cloud instance as the external Splunk instance for Phantom. What ports need to be opened on the Splunk Cloud instance to facilitate this? Assume default ports are in use.

Options:

A. TCP 8088 and TCP 8099.

B. TCP 80 and TCP 443.

C. Splunk Cloud is not supported.

D. TCP 8080 and TCP 8191.

Question 28

What is the default embedded search engine used by SOAR?

Options:

A. Embedded Splunk search engine.

B. Embedded SOAR search engine.

C. Embedded Django search engine.

D. Embedded Elastic search engine.

Question 29

Splunk user account(s) with which roles must be created to configure Phantom with an external Splunk Enterprise instance?

Options:

A. superuser, administrator

B. phantomcreate, phantomedit

C. phantomsearch, phantomdelete

D. admin, user

Question 30

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

Options:

A. Make sure the Execute Playbook capability is removed from all roles except admin.

B. Place restricted playbooks in a second source repository that has restricted access.

C. Add a filter block to all restricted playbooks that filters for runRole = "Admin".

D. Add a tag with restricted access to the restricted playbooks.

Question 31

When the Splunk App for SOAR Export executes a Splunk search, which activities are completed?

Options:

A. CEF fields are mapped to CIM fields and a container is created on the SOAR server.

B. CIM fields are mapped to CEF fields and a container is created on the SOAR server.

C. CEF fields are mapped to CIM and a container is created on the Splunk server.

D. CIM fields are mapped to CEF and a container is created on the Splunk server.

Question 32

Where can the Splunk App for SOAR Export be downloaded from?

Options:

A. GitHub and Splunkbase.

B. SOAR Community and GitHub.

C. Splunkbase and SOAR Community.

D. Splunk Answers and Splunkbase.

Question 33

Which of the following is true about a child playbook?

Options:

A. The child playbook does not have access to the parent playbook's container or action result data.

B. The child playbook does not have access to the parent playbook's container, but to the parent's action result data.

C. The child playbook has access to the parent playbook's container and the parent's action result data.

D. The child playbook has access to the parent playbook's container, but not to the parent's action result data.