Splunk IT Service Intelligence Certified Admin — Question 30

When the Splunk App for SOAR Export executes a Splunk search, which activities are completed?

Answer options

• A. CEF fields are mapped to CIM and a container is created on the Splunk server.
• B. CIM fields are mapped to CEF and a container is created on the Splunk server.
• C. CEF fields are mapped to CIM fields and a container is created on the SOAR server.
• D. CIM fields are mapped to CEF fields and a container is created on the SOAR server.

Correct answer: B

Explanation

The correct answer is B because when the export executes, it indeed maps CIM fields to CEF and establishes a container on the Splunk server. The other options are incorrect as they either misidentify the direction of field mapping or mistakenly state the creation of a container on the SOAR server instead of the Splunk server.