Splunk IT Service Intelligence Certified Admin — Question 22

Which visual playbook editor block is used to assemble commands and data into a valid Splunk search within a SOAR playbook?

Answer options

• A. An action block.
• B. A filter block.
• C. A prompt block.
• D. A format block.

Correct answer: A

Explanation

The correct answer is A, as the action block is specifically designed for assembling commands and data necessary for executing a Splunk search within a SOAR playbook. The other options, such as filter, prompt, and format blocks, serve different purposes and do not compile commands into a search query.