Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

Home Exams Contribute Leaderboard

Home Exams Contribute Leaderboard Login

Loading questions...

info@examcademy.com

Features

Contribute Questions Leaderboard

Community

Discord

YouTube

Legal

ExamCademy is not affiliated with or endorsed by any certification providers. All trademarks are the property of their respective owners.

SPLK-2003 by Splunk - Page 1 | ExamCademy | ExamCademy

Exams
Splunk
SPLK-2003

SPLK-2003Preview

By Splunk

Updated

25Q per page

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Want a break from the ads?

Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.

Go ad-free

Question 6

Question 7

Question 8

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Page 1 of 2 • Questions 1-25 of 37

1 2

→

Know a question that should be here? Contribute to this exam

Which of the following can be edited or deleted in the Investigation page?

A Action results
B Comments
C Artifact values
D Approval records

How can the DECIDED process be restarted?

A By restarting the automation service.
B By restarting the playbook daemon.
C In Administration > Server Settings.
D On the System Health page.

How does a user determine which app actions are available?

A Add an action block to a playbook canvas area.
B In the visual playbook editor, click Active and click the Available App Actions dropdown.
C From the Apps menu, click the supported actions dropdown for each app.
D Search the Apps category in the global search field.

Which of the following roles is appropriate for a Splunk SOAR account that will only be used to execute automated tasks?

A Service Account
B Automation Engineer
C Non-Human
D Automation

Which of the following items cannot be modified once entered into SOAR?

A A comment.
B A note.
C A container.
D An artifact.

Which Splunk search command is used to send a notable event to SOAR?

A sendtophantom
B param.phantom
C sendevent
D cim_modactions

Which of the following is a step when configuring event forwarding from Splunk to SOAR?

A Create a saved search that generates the JSON for the new container on SOAR.
B Map CIM to CEF fields.
C Map CEF to CIM fields.
D Create a Splunk alert that uses the event_forward.py script to send events to SOAR.

Which of the following are tabs of an asset configuration?

A Asset Info, Asset Settings, Approval Settings, Access Control
B Asset Name, Asset IP, Asset URL, Asset Nickname
C Tags, Asset Name, Asset Date, Asset Order
D App Name, App Order, App Expiry, App Version