ExamGecko
Search Search Login
Home Home / Splunk / SPLK-3002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following are the default ports that must be configured on Splunk to use ITSI?
There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?
Which of the following is a good use case for creating a custom module?
There are two Smart Mode configuration settings that control how fields affect grouping. Which of these is correct?
Which of the following statements is accurate when using multiple policies?
When in maintenance mode, which of the following is accurate?
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
When troubleshooting KPI search performance, which search names in job activity identify base searches?
When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

Question 2 - SPLK-3002 discussion

Report
Export

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

A.
Deployments often require an increase of hardware resources above base Splunk requirements.
Answers
A.
Deployments often require an increase of hardware resources above base Splunk requirements.
B.
Deployments require a dedicated ITSI search head.
Answers
B.
Deployments require a dedicated ITSI search head.
C.
Deployments may increase the number of required indexers based on the number of KPI searches.
Answers
C.
Deployments may increase the number of required indexers based on the number of KPI searches.
D.
Deployments should use fastest possible disk arrays for indexers.
Answers
D.
Deployments should use fastest possible disk arrays for indexers.
Suggested answer: A, B, C

Explanation:

You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.

Install Splunk Enterprise Security on a dedicated search head or search head cluster.

The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.

A, B, and C are correct answers because ITSI deployments often require more hardware resources than base Splunk requirements due to the high volume of data ingestion and processing. ITSI deployments also require a dedicated search head that runs the ITSI app and handles all ITSI-related searches and dashboards. ITSI deployments may also increase the number of required indexers based on the number and frequency of KPI searches, which can generate a large amount of summary data.

Reference:ITSI deployment overview,ITSI deployment planning

Show Answer
asked 23/09/2024
Robert Fox
50 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms