Splunk IT Service Intelligence Certified Admin — Question 28

Some of the playbooks on the SOAR server should only be executed by members of the admin role. How can this rule be applied?

Answer options

• A. Make sure the Execute Playbook capability is removed from all roles except admin.
• B. Place restricted playbooks in a second source repository that has restricted access.
• C. Add a tag with restricted access to the restricted playbooks.
• D. Add a filter block to all restricted playbooks that filters for runRole = "Admin".

Correct answer: A

Explanation

The correct answer is A because removing the Execute Playbook capability from all roles except admin ensures that only admins can run those playbooks. The other options do not effectively prevent users in non-admin roles from executing the playbooks, as they either rely on additional repositories or tagging that may still allow access.