Pre-Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Splunk SPLK-3002 Splunk IT Service Intelligence Certified Admin Exam Exam Practice Test

Demo: 27 questions
Total 90 questions

Splunk IT Service Intelligence Certified Admin Exam Questions and Answers

Question 1

Which of the following describes a realistic troubleshooting workflow in ITSI?

Options:

A.

Correlation Search –> Deep Dive –> Notable Event

B.

Service Analyzer –> Notable Event Review –> Deep Dive

C.

Service Analyzer –> Aggregation Policy –> Deep Dive

D.

Correlation search –> KPI –> Aggregation Policy

Question 2

Which index will contain useful error messages when troubleshooting ITSI issues?

Options:

A.

_introspection

B.

_internal

C.

itsi_summary

D.

itsi_notable_audit

Question 3

Which deep dive swim lane type does not require writing SPL?

Options:

A.

Event lane.

B.

Automatic lane.

C.

Metric lane.

D.

KPI lane.

Question 4

What is an episode?

Options:

A.

A workflow task.

B.

A deep dive.

C.

A notable event group.

D.

A notable event.

Question 5

When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

Options:

A.

SA-ITOA

B.

ITSI app

C.

All ITSI components

D.

SA-ITSI-Licensechecker

Question 6

Which of the following is a characteristic of base searches?

Options:

A.

Search expression, entity splitting rules, and thresholds are configured at the base search level.

B.

It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.

C.

The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.

D.

The base search will execute whether or not a KPI needs it.

Question 7

Which of the following accurately describes base searches used for KPIs in a service?

Options:

A.

Base searches can be used for multiple services.

B.

A base search can only be used by its service and all dependent services.

C.

All the metrics in a base search are used by one service.

D.

All the KPIs in a service use the same base search.

Question 8

When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

Options:

A.

Service, status, owner.

B.

Severity, status, owner.

C.

Severity, comments, service.

D.

Severity, status, service.

Question 9

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

Options:

A.

Only include KPIs if they will be used in multiple services.

B.

Analyze the business to determine the most critical services.

C.

Focus on low-level services.

D.

Define a large number of key services early.

Question 10

How can Service Now incidents be created automatically when a Multi-KPI alert triggers? (select all that apply)

Options:

A.

By creating a custom etc/apps/SA-lTOA/workflow_rules. conf

B.

By linking Entities to Service-Now configuration items.

C.

By creating a notable event aggregation policy with a SNOW incident action.

D.

By editing the associated correlation search and specifying an alert action.

Question 11

Which of the following is a characteristic of custom deep dives?

Options:

A.

Allows itoa_analyst roles to add comments.

B.

Requires at least 7 days' data to show anomalies.

C.

Combines metric, event, KPI, and service health score lanes.

D.

Uses drilldown to generate notable events via anomaly detection.

Question 12

How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?

Options:

A.

Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.

B.

Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.

C.

Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.

D.

Select “No” for both “Split by Entity” and “Filter to Entities in Service”.

Question 13

Anomaly detection can be enabled on which one of the following?

Options:

A.

KPI

B.

Multi-KPI alert

C.

Entity

D.

Service

Question 14

Which of the following is a problem requiring correction in ITSI?

Options:

A.

Twoormore entitieswiththe same service ID.

B.

Twoormore entitieswiththe same entity ID.

C.

Twoormore entitieswiththe same value in a single alias field.

D.

Twoormore entitieswiththe same entity key value inanyinfo field.

Question 15

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

Options:

A.

Create service templates for each group and create the services from the templates.

B.

Create teams for each department and assign KPIs to each team.

C.

Create services for each group and set the permissions of the services to restrict them to each group.

D.

Create teams for each department and assign services to the teams.

Question 16

Which of the following is a valid type of Multi-KPI Alert?

Options:

A.

Score over composite.

B.

Value over time.

C.

Status over time.

D.

Rise over run.

Question 17

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

Options:

A.

Use | stats functions in custom fields to prepare the data for KPI calculations.

B.

Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

C.

Make sure that all fields conform to CIM, then use the corresponding module to import related services.

D.

Plan to build as many data models as possible for ITSI to leverage

Question 18

When a KPI's aggregate value is calculated, which function is called?

Options:

A.

stats

B.

tstats

C.

fieldsummary

D.

eval

Question 19

When in maintenance mode, which of the following is accurate?

Options:

A.

Once the window is over, KPIs and notable events will begin to be generated again.

B.

KPIs are shown in blue while in maintenance mode.

C.

Maintenance mode slots are scheduled on a per hour basis.

D.

Service health scores and KPI events are deleted until the window is over.

Question 20

Which of the following are the default ports that must be configured on Splunk to use ITSI?

Options:

A.

SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B.

SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C.

SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D.

SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Question 21

Which ITSI functions generate notable events? (Choose all that apply.)

Options:

A.

KPI threshold breaches.

B.

KPI anomaly detection.

C.

Multi-KPI alert.

D.

Correlation search.

Question 22

Which of the following is a good use case for creating a custom module?

Options:

A.

Modules are required to create entity and service import searches.

B.

Modules are required to be able to create custom visualizations for deep dives.

C.

Making it easy to migrate KPI base searches and related visualizations to other ITSI installations.

D.

Creating a service template to make it easy to automatically create new services during service and entity import.

Question 23

In which index are active notable events stored?

Options:

A.

itsi_notable_archive

B.

itsi_notable_audit

C.

itsi_tracked_alerts

D.

itsi_tracked_groups

Question 24

Which of the following is a characteristic of notable event groups?

Options:

A.

Notable event groups combine independent notable events.

B.

Notable event groups are created in the itsi_tracked_alerts index.

C.

Notable event groups allow users to adjust threshold settings.

D.

All of the above.

Question 25

Which of the following is a recommended best practice for ITSI installation?

Options:

A.

ITSI should not be installed on search heads that have Enterprise Security installed.

B.

Before installing ITSI, make sure the Common Information Model (CIM) is installed.

C.

Install the Machine Learning Toolkit app if anomaly detection must be configured.

D.

Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Question 26

What is the default importance value for dependent services’ health scores?

Options:

A.

11

B.

1

C.

Unassigned

D.

10

Question 27

Which of the following items apply to anomaly detection? (Choose all that apply.)

Options:

A.

Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.

B.

A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C.

Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D.

There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Demo: 27 questions
Total 90 questions