Splunk Observability Cloud Certified Metrics User — Question 64

Which of the following use cases is best suited to be a Splunk SOAR Playbook?

Answer options

• A. Forming hypothesis for Threat Hunting.
• B. Visualizing complex datasets.
• C. Creating persistent field extractions.
• D. Taking containment action on a compromised host.

Correct answer: D

Explanation

The correct answer, D, is appropriate because Splunk SOAR Playbooks are designed to automate responses to security incidents, such as containing compromised hosts. The other options, while relevant to security and data analysis, do not align with the primary function of a SOAR Playbook in incident response.