Splunk Exam SPLK-2003 Topic 17 Question 64 Discussion

Actual exam question for Splunk's SPLK-2003 exam

Question #: 64
Topic #: 17

[All SPLK-2003 Questions]

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

AMake sure the Execute Playbook capability is removed from all roles except admin.

BPlace restricted playbooks in a second source repository that has restricted access.

CAdd a filter block to all restricted playbooks that filters for runRole = 'Admin'.

DAdd a tag with restricted access to the restricted playbooks.

Show Suggested Answer

Suggested Answer: A

To restrict playbook execution to members of the admin role within Splunk SOAR, the 'Execute Playbook' capability must be managed appropriately. This is done by ensuring that this capability is removed from all other roles except the admin role. Role-based access control (RBAC) in Splunk SOAR allows for granular permissions, which means you can configure which roles have the ability to execute playbooks, and by restricting this capability, you can control which users are able to initiate playbook runs.

by Frederick at Apr 05, 2025, 02:32 AM

Limited Time Offer

25%

Off

Get Premium SPLK-2003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lisha

2 days ago

Hmm, I'm not sure about option B. Keeping restricted playbooks in a separate repo seems a bit complex. I'd go with C - the filter block is a straightforward solution.

upvoted 0 times

...

Gennie

16 days ago

Option C looks like the way to go. Filtering for the admin role is a solid approach to ensure only the right people can execute those playbooks.

upvoted 0 times

...