New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Splunk SPLK-3002 Splunk IT Service Intelligence Certified Admin Exam Exam Practice Test

Page: 1 / 9
Total 90 questions

Splunk IT Service Intelligence Certified Admin Exam Questions and Answers

Question 1

Which is the least permissive role required to modify default deep dives?

Options:

A.

itoa_analyst

B.

admin

C.

power

D.

itoa_admin

Question 2

Which of the following is a recommended best practice for ITSI installation?

Options:

A.

ITSI should not be installed on search heads that have Enterprise Security installed.

B.

Before installing ITSI, make sure the Common Information Model (CIM) is installed.

C.

Install the Machine Learning Toolkit app if anomaly detection must be configured.

D.

Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Question 3

Which of the following is a characteristic of base searches?

Options:

A.

Search expression, entity splitting rules, and thresholds are configured at the base search level.

B.

It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.

C.

The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.

D.

The base search will execute whether or not a KPI needs it.

Question 4

Which of the following is a good use case regarding defining entities for a service?

Options:

A.

Automatically associate entities to services using multiple entity aliases.

B.

All of the entities have the same identifying field name.

C.

Being able to split a CPU usage KPI by host name.

D.

KPI total values are aggregated from multiple different category values in the source events.

Question 5

Which index will contain useful error messages when troubleshooting ITSI issues?

Options:

A.

_introspection

B.

_internal

C.

itsi_summary

D.

itsi_notable_audit

Question 6

Which of the following best describes a default deep dive?

Options:

A.

It initially shows the health scores for all services.

B.

It initially shows the highest importance KPIs.

C.

It initially shows all of the KPIs for a selected service.

D.

It initially shows all the entity swim lanes.

Question 7

What is an episode?

Options:

A.

A workflow task.

B.

A deep dive.

C.

A notable event group.

D.

A notable event.

Question 8

When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

Options:

A.

Service, status, owner.

B.

Severity, status, owner.

C.

Severity, comments, service.

D.

Severity, status, service.

Question 9

To use Adaptive Threshholding, what is the minimum requirement for a set of KPI data?

Options:

A.

14 days old.

B.

7 days old.

C.

30 days old.

D.

10 days old.

Question 10

When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

Options:

A.

Gray

B.

Purple

C.

Gear Icon

D.

Blue

Question 11

How should entities be handled during the data audit phase of requirements gathering?

Options:

A.

Entity meta-data for info and aliases should be identified and recorded as requirements.

B.

Entities should be noted based upon Service KPI requirements such as 'by host' or 'by product line'.

C.

Entities must be identified for every Service KPI defined and recorded in requirements.

D.

Entities identified should be included in the entity filtering requirements, such as 'by processld' or 'by host'.

Question 12

Which of the following is a problem requiring correction in ITSI?

Options:

A.

Twoormore entitieswiththe same service ID.

B.

Twoormore entitieswiththe same entity ID.

C.

Twoormore entitieswiththe same value in a single alias field.

D.

Twoormore entitieswiththe same entity key value inanyinfo field.

Question 13

Which of the following describes enabling smart mode for an aggregation policy?

Options:

A.

Configure –> Policies –> Smart Mode –> Enable, select “fields”, click “Save”

B.

Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”

C.

Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”

D.

Edit the notable event view, enable smart mode, select “fields”, and click “Save”

Question 14

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

Options:

A.

Copy SA-IndexCreation to all indexers.

B.

Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.

C.

Extract installer package into etc/apps directory of the cluster deployer node.

D.

Extract ITSI app package into etc/apps directory of search head.

Question 15

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

Options:

A.

A pre-configured default ITSI backup job is provided that can be modified, but not deleted.

B.

ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.

C.

kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.

D.

ITSI backups are stored as a collection of JSON formatted files.

Question 16

When must a service define entity rules?

Options:

A.

If the intention is for the KPIs in the service to filter to only entities assigned to the service.

B.

To enable entity cohesion anomaly detection.

C.

If some or all of the KPIs in the service will be split by entity.

D.

If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

Question 17

Which of the following is the best use case for configuring a Multi-KPI Alert?

Options:

A.

Comparing content between two notable events.

B.

Using machine learning to evaluate when data falls outside of an expected pattern.

C.

Comparing anomaly detection between two KPIs.

D.

Raising an alert when one or more KPIs indicate an outage is occurring.

Question 18

Which anomaly detection algorithm is included within ITSI?

Options:

A.

Entity cohesion

B.

Standard deviation

C.

Linear regression

D.

Infantile regression

Question 19

In distributed search, which components need to be installed on instances other than the search head?

Options:

A.

SA-IndexCreation and SA-ITSI-Licensechecker on indexers.

B.

SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

C.

SA-IndexCreation on idexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

D.

SA-ITSI-Licensechecker on indexers.

Question 20

Which ITSI components are required before a module can be created?

Options:

A.

One or more entity import saved searches.

B.

One or more services with KPIs and their associated base searches.

C.

One or more datamodels.

D.

One or more correlation searches and their associated entities.

Question 21

When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

Options:

A.

SA-ITOA

B.

ITSI app

C.

All ITSI components

D.

SA-ITSI-Licensechecker

Question 22

When troubleshooting KPI search performance, which search names in job activity identify base searches?

Options:

A.

Indicator - XXXX - Base Search

B.

Indicator - Shared - xxxx - ITSI Search

C.

Indicator - Base - xxxx - ITSI Search

D.

Indicator - Base - XXXX - Shared Search

Question 23

How can admins manually control groupings of notable events?

Options:

A.

Correlation searches.

B.

Multi-KPI alerts.

C.

notable_event_grouping.conf

D.

Aggregation policies.

Question 24

Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)

Options:

A.

Memory KPI in a glass table.

B.

Memory panel of the OS Host Details view in the Operating System module.

C.

Memory swim lane in a Deep Dive.

D.

Service & KPI tiles in the Service Analyzer.

Question 25

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

Options:

A.

Only include KPIs if they will be used in multiple services.

B.

Analyze the business to determine the most critical services.

C.

Focus on low-level services.

D.

Define a large number of key services early.

Question 26

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

Options:

A.

Ping a host.

B.

Send email.

C.

Include in RSS feed.

D.

Run a script.

Question 27

Which capabilities are enabled through “teams”?

Options:

A.

Teams allow searches against the itsi_summary index.

B.

Teams restrict notable event alert actions.

C.

Teams restrict searches against the itsi_notable_audit index.

D.

Teams allow restrictions to service content in UI views.

Page: 1 / 9
Total 90 questions