SPLK-3002 Splunk IT Service Intelligence Certified Admin Exam Question and Answers

Question # 4

Which of the following actions can be performed with a deep dive?

A. Create a Multi-KPI alert from the deep dive's current state to warn of similar situations in the future.
B. Create a predictive analysis model from the deep dive to warn of future service degradation.
C. Create an anomaly detection alert to show when the same pattern begins in the future.
D. Create a custom service analyzer from selected deep dive lanes.

Question # 5

When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

A. Service, status, owner.
B. Severity, status, owner.
C. Severity, comments, service.
D. Severity, status, service.

Question # 6

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

A. Use | stats functions in custom fields to prepare the data for KPI calculations.
B. Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
C. Make sure that all fields conform to CIM, then use the corresponding module to import related services.
D. Plan to build as many data models as possible for ITSI to leverage.

Question # 7

Which scenario would benefit most by implementing ITSI?

A. Monitoring of business services functionality.
B. Monitoring of system hardware.
C. Monitoring of system process statuses.
D. Monitoring of retail sales metrics.

Question # 8

After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

A. 6 months.
B. 9 months.
C. 1 year.
D. 3 months.

Question # 9

Which of the following items apply to anomaly detection? (Choose all that apply.)

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Question # 10

In maintenance mode, which features of KPIs still function?

A. KPI searches will execute but will be buffered until the maintenance window is over.
B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C. New KPIs can be created, but existing KPIs are locked.
D. KPI calculations and threshold settings can be modified.

Question # 11

Which of the following is part of setting up a new aggregation policy?

A. Filtering criteria
B. Policy version
C. Review order
D. Module rules

Question # 12

How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?

A. Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.
B. Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.
C. Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.
D. Select “No” for both “Split by Entity” and “Filter to Entities in Service”.

Question # 13

In which index are active notable events stored?

A. itsi_notable_archive
B. itsi_notable_audit
C. itsi_tracked_alerts
D. itsi_tracked_groups

Question # 14

Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)

A. Memory KPI in a glass table.
B. Memory panel of the OS Host Details view in the Operating System module.
C. Memory swim lane in a Deep Dive.
D. Service & KPI tiles in the Service Analyzer.

Question # 15

Which ITSI components are required before a module can be created?

A. One or more entity import saved searches.
B. One or more services with KPIs and their associated base searches.
C. One or more datamodels.
D. One or more correlation searches and their associated entities.

Question # 16

What is the default importance value for dependent services’ health scores?

A. 11
B. 1
C. Unassigned
D. 10

Question # 17

To use Adaptive Thresholding, what is the minimum requirement for a set of KPI data?

A. 14 days old.
B. 7 days old.
C. 30 days old.
D. 10 days old.

Question # 18

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Question # 19

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

A. Copy SA-IndexCreation to all indexers.
B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
C. Extract installer package into etc/apps directory of the cluster deployer node.
D. Extract ITSI app package into etc/apps directory of search head.

Question # 20

Which of the following statements is accurate when using multiple policies?

A. New policies are applied after the default policy.
B. Policy processing is applied in a defined order.
C. An event can be processed by only a single policy.
D. New policies are applied before the default policy.

Question # 21

What is the range for a normal Service Health score category?

A. 20-40
B. 40-60
C. 60-80
D. 80-100

Question # 22

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

A. Deployments often require an increase of hardware resources above base Splunk requirements.
B. Deployments require a dedicated ITSI search head.
C. Deployments may increase the number of required indexers based on the number of KPI searches.
D. Deployments should use fastest possible disk arrays for indexers.

Question # 23

Which index will contain useful error messages when troubleshooting ITSI issues?

A. _introspection
B. _internal
C. itsi_summary
D. itsi_notable_audit

Question # 24

When must a service define entity rules?

A. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
B. To enable entity cohesion anomaly detection.
C. If some or all of the KPIs in the service will be split by entity.
D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

Question # 25

Which of the following is a recommended best practice for ITSI installation?

A. ITSI should not be installed on search heads that have Enterprise Security installed.
B. Before installing ITSI, make sure the Common Information Model (CIM) is installed.
C. Install the Machine Learning Toolkit app if anomaly detection must be configured.
D. Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Question # 26

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

A. Create service templates for each group and create the services from the templates.
B. Create teams for each department and assign KPIs to each team.
C. Create services for each group and set the permissions of the services to restrict them to each group.
D. Create teams for each department and assign services to the teams.

Question # 27

Which of the following is a characteristic of base searches?

A. Search expression, entity splitting rules, and thresholds are configured at the base search level.
B. It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
C. The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
D. The base search will execute whether or not a KPI needs it.
