Splunk IT Service Intelligence Certified Admin — Question 14

Splunk user account(s) with which roles must be created to configure SOAR with an external Splunk Enterprise instance?

Answer options

• A. phantomsearch, phantomdelete
• B. phantomcreate, phantomedit
• C. superuser, administrator
• D. admin, user

Correct answer: A

Explanation

The correct roles, phantomsearch and phantomdelete, are specifically required for SOAR integration to access and manage incidents effectively. The other options either do not provide the necessary permissions or roles specific to SOAR functionalities.