Which of the following describes a way to delete multiple duplicate entities in ITSI?

Via a search using the | deleteentity command.

Which capabilities are enabled through ''teams''?

Teams allow restrictions to service content in UI views.

Teams allow searches against the itsi_summary index.

Teams restrict notable event alert actions.

Teams restrict searches against the itsi_notable_audit index.

Teams allow restrictions to service content in UI views.

In maintenance mode, which features of KPIs still function?

KPI searches will execute but will be buffered until the maintenance window is over.

KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.

New KPIs can be created, but existing KPIs are locked.

KPI calculations and threshold settings can be modified.

Which of the following best describes a default deep dive?

It initially shows all of the KPIs for a selected service.

It initially shows the health scores for all services.

It initially shows the highest importance KPIs.

It initially shows all of the KPIs for a selected service.

It initially shows all the entity swim lanes.

Which of the following describes enabling smart mode for an aggregation policy?

Edit the aggregation policy, enable smart mode, select fields to analyze, click ''Save''

Configure --> Policies --> Smart Mode --> Enable, select ''fields'', click ''Save''

Enable grouping in Notable Event Review, select ''Smart Mode'', select ''fields'', and click ''Save''

Edit the aggregation policy, enable smart mode, select fields to analyze, click ''Save''

Edit the notable event view, enable smart mode, select ''fields'', and click ''Save''

Which of the following are the default ports that must be configured on Splunk to use ITSI?

SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Which of the following is a good use case regarding defining entities for a service?

Automatically associate entities to services using multiple entity aliases.

All of the entities have the same identifying field name.

Being able to split a CPU usage KPI by host name.

KPI total values are aggregated from multiple different category values in the source events.

When in maintenance mode, which of the following is accurate?

Once the window is over, KPIs and notable events will begin to be generated again.

KPIs are shown in blue while in maintenance mode.

Maintenance mode slots are scheduled on a per hour basis.

Service health scores and KPI events are deleted until the window is over.

Which of the following describes default deep dives?

Are auto-generated and can be accessed via the Service Analyzer.

Are manually generated and can be accessed via the Service Analyzer.

Include all KPIs of all services.

Are auto-generated and can be accessed via the Service Analyzer.

Include health scores of all services.

Which of the following is a problem requiring correction in ITSI?

Two or more entities with the same value in a single alias field.

Two or more entities with the same service ID.

Two or more entities with the same entity ID.

Two or more entities with the same value in a single alias field.

Two or more entities with the same entity key value in any info field.

Which of the following is a good use case for a Multi-KPI alert?

Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.

Alerting when the values of two or more KPIs go into maintenance mode.

Alerting when the trend of two or more KPIs indicates service failure is imminent.

Alerting when two or more KPIs are deviating from their typical pattern.

Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.

Which of the following actions can be performed with a deep dive?

Create a Multi-KPI alert from the deep dive's current state to warn of similar situations in the future.

Create a predictive analysis model from the deep dive to warn of future service degradation.

Create an anomaly detection alert to show when the same pattern begins in the future.

Create a custom service analyzer from selected deep dive lanes.

Which of the following is an advantage of an adaptive time threshold?

Automatically adjusting thresholds as normal KPI values change over time.

Automatically alerting when KPI value patterns change over time.

Automatically adjusting thresholds as normal KPI values change over time.

Automatically adjusting to holiday schedules.

Automatically predicting future degradation of KPI values over time.

Which of the following best describes an ITSI Glass Table?

A view which displays a system topology overlaid with KPI metrics.

A view which describes a topology.

A dashboard which displays a system topology.

A view showing KPI values in a variety of visual styles.

Which of the following statements describe default glass tables in ITSI?

There are no default glass tables.

The Service Health Score default glass table.

There is one default glass table per service.

There is one service template default glass table.

There are no default glass tables.

Which of the following is a recommended best practice for ITSI installation?

ITSI should not be installed on search heads that have Enterprise Security installed.

Before installing ITSI, make sure the Common Information Model (CIM) is installed.

Install the Machine Learning Toolkit app if anomaly detection must be configured.

Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)

Memory panel of the OS Host Details view in the Operating System module.

Memory swim lane in a Deep Dive.

Service & KPI tiles in the Service Analyzer.

Memory panel of the OS Host Details view in the Operating System module.

Memory swim lane in a Deep Dive.

Service & KPI tiles in the Service Analyzer.

How should entities be handled during the data audit phase of requirements gathering?

Entity meta-data for info and aliases should be identified and recorded as requirements.

Entities should be noted based upon Service KPI requirements such as 'by host' or 'by product line'.

Entities must be identified for every Service KPI defined and recorded in requirements.

Entities identified should be included in the entity filtering requirements, such as 'by processld' or 'by host'.

Which of the following statements is accurate when using multiple policies?

Policy processing is applied in a defined order.

New policies are applied after the default policy.

Policy processing is applied in a defined order.

An event can be processed by only a single policy.

New policies are applied before the default policy.

Which step is required to install ITSI on a single Search Head?

Use the Splunk -> Manage Apps Dashboard to download and install.

Untar the ITSI package in <splunk home>/etc/apps

Run splunk_apply shcluster-bundle

Use the Splunk -> Manage Apps Dashboard to download and install.

What happens when an anomaly is detected?

An anomaly alert will appear as a notable event in Episode Review.

A separate correlation search needs to be created in order to see it.

An anomaly alert will appear in core splunk, in index=main.

An anomaly alert will appear as a notable event in Episode Review.

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

Create teams for each department and assign services to the teams.

Create service templates for each group and create the services from the templates.

Create teams for each department and assign KPIs to each team.

Create services for each group and set the permissions of the services to restrict them to each group.

Create teams for each department and assign services to the teams.

Which of the following are characteristics of ITSI service dependencies? (select all that apply)

It is best practice to use the dependent service's built-in 'ServiceHealthScore' KPI to reflect impact to the primary service.

Setting the dependent service KPI importance level will be treated as any other KPI in the primary service's health score.

If a primary service has a dependent service KPI and the KPI's importance level is changed, the dependency is broken.

It is best practice to use the dependent service's built-in 'ServiceHealthScore' KPI to reflect impact to the primary service.

Setting the dependent service KPI importance level will be treated as any other KPI in the primary service's health score.

Impactful dependent services should only be configured to one primary service to avoid false negatives in Multi KPI Alerts.

Which of the following can generate notable events?

Through scheduled correlation searches which link to their respective services.

Through ad-hoc search results which get processed by adaptive thresholds.

When two entity aliases have a matching value.

Through scheduled correlation searches which link to their respective services.

Manually selected using the Notable Event Review panel.

There are two Smart Mode configuration settings that control how fields affect grouping. Which of these is correct?

Text similarity and category similarity.

Text deviation and category deviation.

Text similarity and category deviation.

Text similarity and category similarity.

Text deviation and category similarity.

Which of the following is a characteristic of custom deep dives?

Combines metric, event, KPI, and service health score lanes.

Allows itoa_analyst roles to add comments.

Requires at least 7 days' data to show anomalies.

Combines metric, event, KPI, and service health score lanes.

Uses drilldown to generate notable events via anomaly detection.

Which of the following is a characteristic of notable event groups?

Notable event groups combine independent notable events.

Notable event groups are created in the itsi_tracked_alerts index.

Notable event groups allow users to adjust threshold settings.

Splunk SPLK-3002 Practice Test 2 - Free Online Exam Prep & Questions

Where are KPI search results stored?

The default index.

KV Store.

Output to a CSV lookup.

The itsi_summary index.

Comment (0)

Splunk SPLK-3002 Practice Test 2

Question

Splunk SPLK-3002 Practice Tests

Practice Tests