Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-2003 Topic 17 Question 64 Discussion

Actual exam question for Splunk's SPLK-2003 exam
Question #: 64
Topic #: 17
[All SPLK-2003 Questions]

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

Show Suggested Answer Hide Answer
Suggested Answer: A

To restrict playbook execution to members of the admin role within Splunk SOAR, the 'Execute Playbook' capability must be managed appropriately. This is done by ensuring that this capability is removed from all other roles except the admin role. Role-based access control (RBAC) in Splunk SOAR allows for granular permissions, which means you can configure which roles have the ability to execute playbooks, and by restricting this capability, you can control which users are able to initiate playbook runs.


by Frederick at Apr 05, 2025, 02:32 AM

Limited Time Offer

25%

Off

Get Premium SPLK-2003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Pedro
29 days ago
Option C is the way forward, no doubt. Gotta keep those playbooks in the hands of the chosen few, am I right?
upvoted 0 times
Dean
23 hours ago
C) Add a filter block to all restricted playbooks that filters for runRole = 'Admin'.
upvoted 0 times
...
...
Shalon
1 months ago
I see both points, but I personally prefer option B. Keeping restricted playbooks in a separate repository adds an extra layer of security.
upvoted 0 times
...
Orville
1 months ago
I disagree, I think option C is more secure. Adding a filter block directly to the playbooks is more foolproof.
upvoted 0 times
...
Nana
1 months ago
I think option A is the best choice. It ensures that only admins can execute the playbooks.
upvoted 0 times
...
Allene
1 months ago
I bet the admin role has a secret handshake or something. Option C is the way to keep those playbooks on lockdown.
upvoted 0 times
Luisa
22 hours ago
Yeah, adding a filter block for runRole = 'Admin' seems like a secure way to restrict access.
upvoted 0 times
...
Fernanda
8 days ago
I agree, option C sounds like the best way to ensure only admins can execute those playbooks.
upvoted 0 times
...
...
Ocie
1 months ago
Ah, the admin role strikes again! Option C is definitely the way to go. Can't have the regular folks messing with the important stuff, right?
upvoted 0 times
...
Lisha
1 months ago
Hmm, I'm not sure about option B. Keeping restricted playbooks in a separate repo seems a bit complex. I'd go with C - the filter block is a straightforward solution.
upvoted 0 times
Alesia
13 days ago
True, but adding a filter block ensures only admins can run the playbooks.
upvoted 0 times
...
Corinne
21 days ago
But wouldn't removing the Execute Playbook capability work as well?
upvoted 0 times
...
Ruthann
27 days ago
I agree, option C seems like the simplest solution.
upvoted 0 times
...
...
Gennie
2 months ago
Option C looks like the way to go. Filtering for the admin role is a solid approach to ensure only the right people can execute those playbooks.
upvoted 0 times
Sheron
3 days ago
True, adding a tag for restricted access could also help in controlling who can execute the playbooks.
upvoted 0 times
...
Diego
7 days ago
That could work too, but filtering seems more specific to the admin role.
upvoted 0 times
...
Nichelle
8 days ago
But wouldn't removing the Execute Playbook capability from non-admin roles also work?
upvoted 0 times
...
Cathern
18 days ago
I agree, filtering for the admin role is a good way to restrict access.
upvoted 0 times
...
...

Save Cancel