
Splunk SOAR Certified Automation Developer Practice exam


The Splunk SOAR Certified Automation Developer exam, previously known as the Splunk Phantom Certified Admin Exam, validates your ability to install, configure, and manage Splunk SOAR (Security Orchestration, Automation, and Response) platforms. Earning this certification demonstrates your proficiency in using Splunk SOAR to automate security workflows, streamline incident response processes, and improve your organization's security posture.

Who Should Take This Exam?

This exam is intended for security professionals who want to:

  • Deepen their expertise: Specialize in automating security processes using Splunk SOAR.
  • Advance their careers: Qualify for roles involving Splunk SOAR administration and automation development.
  • Validate their skills: Demonstrate their knowledge and expertise to potential employers in the security operations field.

Prerequisites

There are no formal prerequisites for taking the Splunk SOAR Certified Automation Developer exam. However, a foundational understanding of security operations concepts and experience with scripting languages like Python would be beneficial.

Roles and Responsibilities

  • Security Automation Engineer: Developing and deploying security automation playbooks within Splunk SOAR.
  • Security Orchestration and Automation Response (SOAR) Analyst: Configuring and managing Splunk SOAR instances to automate security workflows and incident response processes.
  • Security Operations Center (SOC) Analyst: Utilizing Splunk SOAR to streamline security operations tasks and investigations within a SOC environment.

Exam Details

  • Exam Name: Splunk Phantom Certified Admin
  • Number of Questions: 121
  • Length of Time: 117 minutes
  • Exam Language: English

Course Outline

The Splunk Phantom Certified Admin Exam covers the following topics:

Topic 1: Deployment, Installation, and Initial Configuration 5%

  • 1.1 Describe Phantom operating concepts
  • 1.2 Identify documentation and community resources
  • 1.3 Identify installation and upgrade options
  • 1.4 Describe Phantom architecture
  • 1.5 Configure licenses, administration, and product settings

Topic 2: User Management and Multi-tenancy 5%

  • 2.1 Configure authentication options
  • 2.2 Add users
  • 2.3 Add roles
  • 2.4 Configure multiple tenants in a Phantom site

Topic 3: Apps, Assets, and Playbooks 5%

  • 3.1 Configure apps
  • 3.2 Configure assets
  • 3.3 Configure data ingestion assets
  • 3.4 Configure labels and SLAs
  • 3.5 Manage Playbooks

Topic 4: Analyst Queue 5%

  • 4.1 Use the Analyst Queue
  • 4.2 Use search features
  • 4.3 Create filters
  • 4.4 Use the indicator view

Topic 5: The Investigation Page 10%

  • 5.1 Use the Investigation page to work on events
  • 5.2 Manually run actions and examine action results
  • 5.3 Manually run playbooks
  • 5.4 Use the vault to store related files

Topic 6: Case Management and Workbooks 5%

  • 6.1 Use case management for complex investigations
  • 6.2 Use workbooks
  • 6.3 Mark items as evidence

Topic 7: Customizations 5%

  • 7.1 Customize severity levels
  • 7.2 Customize CEF fields
  • 7.3 Customize status values
  • 7.4 Customize workbooks
  • 7.5 Add global custom fields to containers

Topic 8: System Maintenance 5%

  • 8.1 Run reports
  • 8.2 Use system health displays
  • 8.3 Examine health logs
  • 8.4 Identify steps to back up and restore a Phantom server

Topic 9: Introduction to Playbooks 5%

  • 9.1 Understand automation best practices
  • 9.2 Describe playbook capabilities
  • 9.3 Determine available app actions
  • 9.4 Use I2A2 design methodology

Topic 10: Visual Playbook Editor 5%

  • 10.1 Use the visual playbook editor
  • 10.2 Execute actions from a playbook
  • 10.3 Test new playbooks

Topic 11: Logic, Filters, and User Interaction 5%

  • 11.1 Use decision blocks
  • 11.2 Use filter blocks to process data
  • 11.3 Describe the use of different join options
  • 11.4 Interact with users during playbook execution

Topic 12: Formatted Output and Data Access 5%

  • 12.1 Use Format blocks to structure data
  • 12.2 Understand the structure of action results
  • 12.3 Compose datapaths to access data
  • 12.4 Use the API block to modify containers

Topic 13: Modular Playbook Development 5%

  • 13.1 Design modular solutions with interacting playbooks
  • 13.2 Invoke child playbooks from a parent
  • 13.3 Exchange data between playbooks using artifacts

Topic 14: Custom Lists and Data Routing 5%

  • 14.1 Create custom lists
  • 14.2 Access lists from playbooks
  • 14.3 Use filters to control data flow

Topic 15: Configuring External Splunk Search 5%

  • 15.1 Describe the benefits of externalizing search to Splunk
  • 15.2 Configure the Phantom instance for externalization
  • 15.3 Configure the Splunk instance for externalization
  • 15.4 Use reindex to push existing content to the Splunk instance
  • 15.5 Use the Splunk app for Phantom Reporting

Topic 16: Integrating Phantom into Splunk 10%

  • 16.1 Install the Phantom app for Splunk
  • 16.2 Send Enterprise Security notables to Phantom
  • 16.3 Install and configure the Splunk app in Phantom
  • 16.4 Use Splunk search from playbooks

Topic 17: Custom Coding 5%

  • 17.1 Describe when and when not to use the global block
  • 17.2 Use custom function blocks
  • 17.3 Write and test custom Phantom code

Topic 18: Using REST 5%

  • 18.1 Describe the capabilities of Phantom REST API
  • 18.2 Use Django queries to search for data in Phantom
  • 18.3 Use Phantom REST from other systems to access Phantom data
