
Splunk SPLK-3002 Practice Test - Questions Answers


Which of the following is a recommended best practice for service and glass table design?

A. Plan and implement services first, then build detailed glass tables.
B. Always use the standard icons for glass table widgets to improve portability.
C. Start with base searches, then services, and then glass tables.
D. Design glass tables first to discover which KPIs are important.
Suggested answer: A

Explanation:

A is the correct answer because it is recommended to plan and implement services first, then build detailed glass tables that reflect the service hierarchy and dependencies. This way, you can ensure that your glass tables provide accurate and meaningful service-level insights. Building glass tables first might lead to unnecessary or irrelevant KPIs that do not align with your service goals.

Reference: Splunk IT Service Intelligence Service Design Best Practices

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

A. Deployments often require an increase of hardware resources above base Splunk requirements.
B. Deployments require a dedicated ITSI search head.
C. Deployments may increase the number of required indexers based on the number of KPI searches.
D. Deployments should use fastest possible disk arrays for indexers.
Suggested answer: A, B, C

Explanation:

You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.

Install Splunk Enterprise Security on a dedicated search head or search head cluster.

The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.

A, B, and C are correct answers because ITSI deployments often require more hardware resources than base Splunk requirements due to the high volume of data ingestion and processing. ITSI deployments also require a dedicated search head that runs the ITSI app and handles all ITSI-related searches and dashboards. ITSI deployments may also increase the number of required indexers based on the number and frequency of KPI searches, which can generate a large amount of summary data.

Reference: ITSI deployment overview, ITSI deployment planning

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

A. Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.
B. Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.
C. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.
D. Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.
Suggested answer: A, B, C

Explanation:

A, B, and C are correct answers because service access control requirements for ITSI Team Access should be considered before creating the ITSI Service, as different teams may have different permissions and views of the service data. Entities, entity meta-data, and entity rules should also be planned carefully to support the service design and configuration, as they determine how ITSI maps data sources to services and KPIs. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index for faster retrieval and analysis.

Reference: ITSI service design best practices, Overview of ITSI indexes

Anomaly detection can be enabled on which one of the following?

A. KPI
B. Multi-KPI alert
C. Entity
D. Service
Suggested answer: A

Explanation:

A is the correct answer because anomaly detection can be enabled at the KPI level in ITSI. Anomaly detection allows you to identify trends and outliers in KPI search results that might indicate an issue with your system. You can enable anomaly detection for a KPI by selecting one of the two anomaly detection algorithms in the KPI configuration panel.

Reference: Apply anomaly detection to a KPI in ITSI

After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

A. 6 months.
B. 9 months.
C. 1 year.
D. 3 months.
Suggested answer: A

Explanation:

By default, notable event metadata is archived after six months to keep the KV store from growing too large.

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

A. Only include KPIs if they will be used in multiple services.
B. Analyze the business to determine the most critical services.
C. Focus on low-level services.
D. Define a large number of key services early.
Suggested answer: B

Explanation:

A best practice for identifying the most effective services with which to start an iterative ITSI deployment is to analyze the business to determine the most critical services that have the most impact on revenue, customer satisfaction, or other key performance indicators. You can use the Service Analyzer to prioritize and monitor these services.

Reference: Service Analyzer

When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

A. Gray
B. Purple
C. Gear Icon
D. Blue
Suggested answer: A

Explanation:

When creating a custom deep dive, services or KPIs that are in maintenance mode are shown in gray in the topology view. This indicates that they are not actively monitored and do not generate alerts or notable events.

Reference: Deep Dives

Which deep dive swim lane type does not require writing SPL?

A. Event lane.
B. Automatic lane.
C. Metric lane.
D. KPI lane.
Suggested answer: D

Explanation:

A KPI lane is a type of deep dive swim lane that does not require writing SPL. You can simply select a service and a KPI from a drop-down list and ITSI will automatically populate the lane with the corresponding data. You can also adjust the threshold settings and time range for the KPI lane.

Reference: [KPI Lanes]

Which of the following items apply to anomaly detection? (Choose all that apply.)

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.
Suggested answer: B, C

Explanation:

Anomaly detection is a feature of ITSI that uses machine learning to detect when KPI data deviates from a normal pattern. The following items apply to anomaly detection:

B) A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis. This ensures that there is enough data to establish a baseline pattern and compare different entities within a service.

C) Anomaly detection automatically generates notable events when KPI data diverges from the pattern. You can configure the sensitivity and severity of the anomaly detection alerts and assign them to episodes or teams.

Reference: [Anomaly Detection]

Which of the following is a best practice when configuring maintenance windows?

A. Disable any glass tables that reference a KPI that is part of an open maintenance window.
B. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
D. Change the color of services and entities that are part of an open maintenance window in the service analyzer.
Suggested answer: C

Explanation:

It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.

A maintenance window is a period of time when a service or entity is undergoing maintenance operations or does not require active monitoring. It is a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. For example, if a server will be shut down for maintenance at 1:00PM and restarted at 5:00PM, the ideal maintenance window is 12:30PM to 5:30PM. The 15- to 30-minute time buffer is a rough estimate based on 15 minutes being the time period over which most KPIs are configured to search data and identify alert triggers.

Reference: Overview of maintenance windows in ITSI

Total 90 questions