SPLK-3002 Questions and Answers

Question # 6

In which index are active notable events stored?

A. itsi_notable_archive

B. itsi_notable_audit

C. itsi_tracked_alerts

D. itsi_tracked_groups

Question # 7

Which of the following describes enabling smart mode for an aggregation policy?

A. Configure –> Policies –> Smart Mode –> Enable, select “fields”, click “Save”

B. Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”

C. Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”

D. Edit the notable event view, enable smart mode, select “fields”, and click “Save”

Question # 8

Which of the following is a valid type of Multi-KPI Alert?

A. Score over composite.

B. Value over time.

C. Status over time.

D. Rise over run.

Question # 9

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Question # 10

When must a service define entity rules?

A. If the intention is for the KPIs in the service to filter to only entities assigned to the service.

B. To enable entity cohesion anomaly detection.

C. If some or all of the KPIs in the service will be split by entity.

D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

Question # 11

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

A. Ping a host.

B. Send email.

C. Include in RSS feed.

D. Run a script.

Question # 12

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

A. Copy SA-IndexCreation to all indexers.

B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.

C. Extract installer package into etc/apps directory of the cluster deployer node.

D. Extract ITSI app package into etc/apps directory of search head.

Question # 13

Which of the following items describe ITSI teams? (select all that apply)

A. Teams should have itoa admin roles added with read-only permissions for services and entities.

B. Services should be assigned to the 'global' team if all users need access to it.

C. By default, all services are owned by the built-in 'global' team and administered by the 'itoa_admin' role.

D. A new team admin role should be created for each team. The new role should inherit the 'itoa_team_admin' role.

Question # 14

When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

A. Gray

B. Purple

C. Gear Icon

D. Blue

Question # 15

Which of the following is a good use case for a Multi-KPI alert?

A. Alerting when the values of two or more KPIs go into maintenance mode.

B. Alerting when the trend of two or more KPIs indicates service failure is imminent.

C. Alerting when two or more KPIs are deviating from their typical pattern.

D. Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.

Question # 16

What is the minimum number of entities a KPI must be split by in order to use Entity Cohesion anomaly detection?

A. 3

B. 4

C. 5

D. 2

Question # 17

Which capabilities are enabled through “teams”?

A. Teams allow searches against the itsi_summary index.

B. Teams restrict notable event alert actions.

C. Teams restrict searches against the itsi_notable_audit index.

D. Teams allow restrictions to service content in UI views.

Question # 18

In maintenance mode, which features of KPIs still function?

A. KPI searches will execute but will be buffered until the maintenance window is over.

B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.

C. New KPIs can be created, but existing KPIs are locked.

D. KPI calculations and threshold settings can be modified.

Question # 19

Which of the following services often has KPIs but no entities?

A. Security Service.

B. Network Service.

C. Business Service.

D. Technical Service.

Question # 20

Which scenario would benefit most by implementing ITSI?

A. Monitoring of business services functionality.

B. Monitoring of system hardware.

C. Monitoring of system process statuses

D. Monitoring of retail sales metrics.

Question # 21

Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)

A. Memory KPI in a glass table.

B. Memory panel of the OS Host Details view in the Operating System module.

C. Memory swim lane in a Deep Dive.

D. Service & KPI tiles in the Service Analyzer.

Question # 22

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

A. Create service templates for each group and create the services from the templates.

B. Create teams for each department and assign KPIs to each team.

C. Create services for each group and set the permissions of the services to restrict them to each group.

D. Create teams for each department and assign services to the teams.

Question # 23

What can a KPI widget on a glass table drill down into?

A. Another glass table.

B. A Splunk dashboard.

C. A custom deep dive.

D. Any of the above.

Question # 24

Which of the following are characteristics of service templates? (select all that apply)

A. Service templates can be modified after services are instantiated from it.

B. Service templates contain KPIs and KPI thresholds.

C. Service templates can contain specific or generic entity rules.

D. Service templates contain domain specific dashboards and deep dives.

Question # 25

In distributed search, which components need to be installed on instances other than the search head?

A. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.

B. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

D. SA-ITSI-Licensechecker on indexers.

Question # 26

Within a correlation search, dynamic field values can be specified with what syntax?

A. fieldname

B.

C. %fieldname%

D. eval(fieldname)

Question # 27

Where are KPI search results stored?

A. The default index.

B. KV Store.

C. Output to a CSV lookup.

D. The itsi_summary index.
