Splunk SPLK-2003 Exam - Topic 2 Question 79 Discussion

Actual exam question for Splunk's SPLK-2003 exam

Question #: 79
Topic #: 2

[All SPLK-2003 Questions]

Two action blocks, geolocate_ip 1 and file_reputation_2, are connected to a decision block. Which of the following is a correct configuration for making a decision on the action results from one of the given blocks?

AOption A

BOption B

COption C

DOption D

Show Suggested Answer

Suggested Answer: A

In the given decision block, you are trying to evaluate the results of two action blocks: geolocate_ip_1 and file_reputation_2. The correct configuration for making a decision based on the result of geolocate_ip_1 is by checking the country_iso_code field from the action result and setting the evaluation option to != (not equal), with no specific value provided in the 'Select Value' box. This essentially checks whether a valid country ISO code exists in the action result and proceeds if it's not empty or different from a specific value. This is a common check when working with geolocation results to see if a response has been returned.

Other options (B, C, and D) include response codes or list comparisons, which do not align with the decision structure mentioned, which needs to operate based on a country_iso_code field.

Splunk SOAR Playbook Development Guide.

Splunk SOAR Documentation on Decision Blocks and Action Result Evaluation.

by Wilbert at Apr 07, 2026, 01:16 PM

Limited Time Offer

25%

Off

Get Premium SPLK-2003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ruthann

2 days ago

I think we practiced a similar question where we had to choose the right configuration based on action results. I feel like Option C might be the right choice.

upvoted 0 times

...

Glenn

7 days ago

I remember we discussed how decision blocks evaluate the results from action blocks, but I’m not sure which option correctly represents that.

upvoted 0 times

...