New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SPLK-3002 Splunk IT Service Intelligence Certified Admin Exam Questions and Answers

Questions 4

Which of the following is a good use case for a Multi-KPI alert?

Options:

A.

Alerting when the values of two or more KPIs go into maintenance mode.

B.

Alerting when the trend of two or more KPIs indicates service failure is imminent.

C.

Alerting when two or more KPIs are deviating from their typical pattern.

D.

Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.

Buy Now
Questions 5

How should entities be handled during the data audit phase of requirements gathering?

Options:

A.

Entity meta-data for info and aliases should be identified and recorded as requirements.

B.

Entities should be noted based upon Service KPI requirements such as 'by host' or 'by product line'.

C.

Entities must be identified for every Service KPI defined and recorded in requirements.

D.

Entities identified should be included in the entity filtering requirements, such as 'by processld' or 'by host'.

Buy Now
Questions 6

Which of the following services often has KPIs but no entities?

Options:

A.

Security Service.

B.

Network Service.

C.

Business Service.

D.

Technical Service.

Buy Now
Questions 7

Which index will contain useful error messages when troubleshooting ITSI issues?

Options:

A.

_introspection

B.

_internal

C.

itsi_summary

D.

itsi_notable_audit

Buy Now
Questions 8

Which of the following describes a realistic troubleshooting workflow in ITSI?

Options:

A.

Correlation Search –> Deep Dive –> Notable Event

B.

Service Analyzer –> Notable Event Review –> Deep Dive

C.

Service Analyzer –> Aggregation Policy –> Deep Dive

D.

Correlation search –> KPI –> Aggregation Policy

Buy Now
Questions 9

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

Options:

A.

Use | stats functions in custom fields to prepare the data for KPI calculations.

B.

Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

C.

Make sure that all fields conform to CIM, then use the corresponding module to import related services.

D.

Plan to build as many data models as possible for ITSI to leverage

Buy Now
Questions 10

Which of the following is a problem requiring correction in ITSI?

Options:

A.

Twoormore entitieswiththe same service ID.

B.

Twoormore entitieswiththe same entity ID.

C.

Twoormore entitieswiththe same value in a single alias field.

D.

Twoormore entitieswiththe same entity key value inanyinfo field.

Buy Now
Questions 11

Which of the following items apply to anomaly detection? (Choose all that apply.)

Options:

A.

Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.

B.

A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C.

Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D.

There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Buy Now
Questions 12

What is the minimum number of entities a KPI must be split by in order to use Entity Cohesion anomaly detection?

Options:

A.

3

B.

4

C.

5

D.

2

Buy Now
Questions 13

Which of the following is the best use case for configuring a Multi-KPI Alert?

Options:

A.

Comparing content between two notable events.

B.

Using machine learning to evaluate when data falls outside of an expected pattern.

C.

Comparing anomaly detection between two KPIs.

D.

Raising an alert when one or more KPIs indicate an outage is occurring.

Buy Now
Questions 14

What can a KPI widget on a glass table drill down into?

Options:

A.

Another glass table.

B.

A Splunk dashboard.

C.

A custom deep dive.

D.

Any of the above.

Buy Now
Questions 15

Which is the least permissive role required to modify default deep dives?

Options:

A.

itoa_analyst

B.

admin

C.

power

D.

itoa_admin

Buy Now
Questions 16

Which of the following is a recommended best practice for ITSI installation?

Options:

A.

ITSI should not be installed on search heads that have Enterprise Security installed.

B.

Before installing ITSI, make sure the Common Information Model (CIM) is installed.

C.

Install the Machine Learning Toolkit app if anomaly detection must be configured.

D.

Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Buy Now
Questions 17

Which of the following is a good use case regarding defining entities for a service?

Options:

A.

Automatically associate entities to services using multiple entity aliases.

B.

All of the entities have the same identifying field name.

C.

Being able to split a CPU usage KPI by host name.

D.

KPI total values are aggregated from multiple different category values in the source events.

Buy Now
Questions 18

Which of the following is a characteristic of custom deep dives?

Options:

A.

Allows itoa_analyst roles to add comments.

B.

Requires at least 7 days' data to show anomalies.

C.

Combines metric, event, KPI, and service health score lanes.

D.

Uses drilldown to generate notable events via anomaly detection.

Buy Now
Questions 19

Which index is used to store KPI values?

Options:

A.

itsi_summary_metrics

B.

itsi_metrics

C.

itsi_service_health

D.

itsi_summary

Buy Now
Questions 20

Which of the following are the default ports that must be configured on Splunk to use ITSI?

Options:

A.

SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B.

SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C.

SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D.

SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Buy Now
Questions 21

Which of the following is a characteristic of base searches?

Options:

A.

Search expression, entity splitting rules, and thresholds are configured at the base search level.

B.

It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.

C.

The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.

D.

The base search will execute whether or not a KPI needs it.

Buy Now
Questions 22

When troubleshooting KPI search performance, which search names in job activity identify base searches?

Options:

A.

Indicator - XXXX - Base Search

B.

Indicator - Shared - xxxx - ITSI Search

C.

Indicator - Base - xxxx - ITSI Search

D.

Indicator - Base - XXXX - Shared Search

Buy Now
Questions 23

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

Options:

A.

A pre-configured default ITSI backup job is provided that can be modified, but not deleted.

B.

ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.

C.

kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.

D.

ITSI backups are stored as a collection of JSON formatted files.

Buy Now
Questions 24

Which capabilities are enabled through “teams”?

Options:

A.

Teams allow searches against the itsi_summary index.

B.

Teams restrict notable event alert actions.

C.

Teams restrict searches against the itsi_notable_audit index.

D.

Teams allow restrictions to service content in UI views.

Buy Now
Questions 25

There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other’s services. What are the role configuration steps required to accomplish this?

Options:

A.

itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

B.

itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

C.

itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

D.

itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

Buy Now
Questions 26

Which of the following describes enabling smart mode for an aggregation policy?

Options:

A.

Configure –> Policies –> Smart Mode –> Enable, select “fields”, click “Save”

B.

Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”

C.

Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”

D.

Edit the notable event view, enable smart mode, select “fields”, and click “Save”

Buy Now
Questions 27

What is the main purpose of the service analyzer?

Options:

A.

Display a list of All Services and Entities.

B.

Trigger external alerts based on threshold violations.

C.

Allow Analysts to add comments to Alerts.

D.

Monitor overall Service and KPI status.

Buy Now
Exam Code: SPLK-3002
Exam Name: Splunk IT Service Intelligence Certified Admin Exam
Last Update: Dec 27, 2024
Questions: 90
SPLK-3002 pdf

SPLK-3002 PDF

$25.5  $84.99
SPLK-3002 Engine

SPLK-3002 Testing Engine

$30  $99.99
SPLK-3002 PDF + Engine

SPLK-3002 PDF + Testing Engine

$40.5  $134.99