What is enabled if the Logging option for a playbook's settings is enabled?
A. More detailed logging information Is available m the Investigation page.
B. All modifications to the playbook will be written to the audit log.
C. More detailed information is available in the debug window.
D. The playbook will write detailed execution information into the spawn.log.
If no data matches any filter conditions, what is the next block run by the playbook?
A. The end block.
B. The start block.
C. The filter block.
D. The next block.
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?
A. Incorrect Join configuration on the second playbook.
B. The first playbook is performing poorly.
C. The steep option for the second playbook is not set to a long enough interval.
D. Synchronous execution has not been configured.
What is the default embedded search engine used by SOAR?
A. Embedded Splunk search engine.
B. Embedded SOAR search engine.
C. Embedded Django search engine.
D. Embedded Elastic search engine.
A user has written a playbook that calls three other playbooks, one after the other. The user notices that the second playbook starts executing before the first one completes. What is the cause of this behavior?
A. Synchronous execution has not been configured.
B. The first playbook is performing poorly.
C. The sleep option for the second playbook is not set to a long enough interval.
D. Incorrect join configuration on the second playbook.
What users are included in a new installation of SOAR?
A. The admin and automation users are included by default.
B. The admin, power, and user users are included by default.
C. Only the admin user is included by default.
D. No users are included by default.
What is the primary objective of using the I2A2 playbook design methodology?
A. To create detailed playbooks.
B. To create playbooks that customers will not edit.
C. To meet customer requirements using a single playbook.
D. To create simple, reusable, modular playbooks.
How can the DECIDED process be restarted?
A. By restarting the playbook daemon.
B. On the System Health page.
C. In Administration > Server Settings.
D. By restarting the automation service.
What do assets provide for app functionality?
A. Assets provide location, credentials, and other parameters needed to run actions.
B. Assets provide hostnames, passwords, and other artifacts needed to run actions.
C. Assets provide Python code, REST API, and other capabilities needed to run actions.
D. Assets provide firewall, network, and data sources needed to run actions.
What does a user need to do to have a container with an event from Splunk use context- aware actions designed for notable events?
A. Include the notable event's event_id field and set the artifacts label to aplunk notable event id.
B. Rename the event_id field from the notable event to splunkNotableEventld.
C. Include the event_id field in the search results and add a CEF definition to Phantom for event_id, datatype splunk notable event id.
D. Add a custom field to the container named event_id and set the custom field's data type to splunk notable event id.