
Splunk SOAR Certified Automation Developer Practice Exam



About Splunk SOAR Certified Automation Developer Exam

The Splunk SOAR Certified Automation Developer Exam has been developed to demonstrate mastery of the installation, configuration, and integration of SOAR servers with the Splunk platform. Preparing for the exam also helps in gaining comprehensive knowledge of developing diverse SOAR playbooks, including custom coding and REST API usage. Validate your proficiency and set yourself apart in the cybersecurity field.


Skills Acquired

  • Learn to master the installation and configuration of SOAR servers.
  • Seamlessly integrate SOAR with the Splunk platform.
  • Develop comprehensive SOAR playbooks, including custom coding and REST API functionalities.
  • Learn to use SOAR servers effectively, from installation to configuration.
  • Enhance your capabilities in planning, designing, creating, and debugging SOAR playbooks.


Who Should Take the Exam?

The exam is suitable for the following roles -

Cybersecurity Professionals

  • Expand your expertise in one of the fastest-growing industries.
  • Demonstrate your proficiency with the Splunk SOAR product and enhance your professional profile.


SOC Analysts

  • Advance your career and establish yourself as a cybersecurity expert with the Splunk SOAR certification.


Splunk Enterprise Security Administrators

  • Stay competitive in the industry as more organizations build robust cybersecurity portfolios with Splunk Enterprise Security and SOAR.


Exam Details

  • Level: Professional
  • Prerequisites: None
  • Length: 60 minutes
  • Format: 45 multiple-choice questions


Exam Outline

The Splunk SOAR Certified Automation Developer Exam covers the following topics - 

Domain 1 - Understanding Deployment, Installation, and Initial Configuration - 5%

1.1 Describe SOAR operating concepts

1.2 Identify documentation and community resources

1.3 Identify installation and upgrade options

1.4 Describe SOAR architecture

1.5 Configure licenses, administration, and product settings


Domain 2 - Understanding User Management - 5%

2.1 Configure authentication options

2.2 Add users

2.3 Add roles


Domain 3 - Understanding Apps, Assets, and Playbooks - 5%

3.1 Configure apps

3.2 Configure assets

3.3 Configure data ingestion assets

3.4 Configure labels and SLAs

3.5 Manage playbooks


Domain 4 - Understanding Analyst Queue - 5%


4.1 Use the Analyst Queue

4.2 Use search features

4.3 Create filters

4.4 Use the indicator view


Domain 5 - Understanding The Investigation Page - 10%

5.1 Use the Investigation page to work on events

5.2 Manually run actions and examine action results

5.3 Manually run playbooks

5.4 Use the file tab to store related files


Domain 6 - Understanding Case Management and Workbooks - 5%

6.1 Use case management for complex investigations

6.2 Use workbooks

6.3 Mark items as evidence


Domain 7 - Understanding Customizations - 5%

7.1 Customize severity levels

7.2 Customize CEF fields

7.3 Customize status values

7.4 Customize workbooks

7.5 Add global custom fields to containers


Domain 8 - Understanding System Maintenance - 5%

8.1 Run reports

8.2 Use system health displays

8.3 Examine health logs


Domain 9 - Understanding Introduction to Playbooks - 5%

9.1 Understand automation best practices

9.2 Describe playbook capabilities

9.3 Determine available app actions

9.4 Use I2A2 design methodology


Domain 10 - Understanding Visual Playbook Editor - 5%

10.1 Use the visual playbook editor

10.2 Execute actions from a playbook

10.3 Test new playbooks


Domain 11 - Understanding Logic, Filters, and User Interaction - 5%

11.1 Use decision blocks

11.2 Use filter blocks to process data

11.3 Describe the use of different join options

11.4 Interact with users during playbook execution


Domain 12 - Understanding Formatted Output and Data Access - 5%

12.1 Use Format blocks to structure data

12.2 Understand the structure of action results

12.3 Compose datapaths to access data

12.4 Use the utility block to modify containers


Domain 13 - Understanding Modular Playbook Development - 5%

13.1 Design modular solutions with interacting playbooks

13.2 Invoke child playbooks from a parent

13.3 Exchange data between playbooks


Domain 14 - Understanding Custom Lists and Data Routing - 5%

14.1 Create custom lists

14.2 Access lists from playbooks

14.3 Use filters to control data flow


Domain 15 - Understanding Configuring External Splunk Search - 5%

15.1 Describe the benefits of externalizing search to Splunk

15.2 Configure the SOAR instance for externalization

15.3 Configure the Splunk instance for externalization

15.4 Use reindex to push existing content to the Splunk instance

15.5 Use the Splunk app for Phantom Reporting


Domain 16 - Understanding Integrating SOAR into Splunk - 10%

16.1 Install the Splunk App for SOAR Export

16.2 Send Enterprise Security notables to SOAR

16.3 Install and configure the Splunk app in SOAR

16.4 Use Splunk search from playbooks


Domain 17 - Understanding Custom Coding - 5%

17.1 Describe when and when not to use the global block

17.2 Use custom function blocks

17.3 Write and test custom SOAR code


Domain 18 - Understanding Using REST - 5%

18.1 Describe the capabilities of SOAR REST API

18.2 Use Django queries to search for data in SOAR

18.3 Use SOAR REST from other systems to access SOAR data

