SPLK-3002 Online Practice Questions and Answers

Which of the following is a best practice when configuring maintenance windows?

A. Disable any glass tables that reference a KPI that is part of an open maintenance window.

B. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.

C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.

D. Change the color of services and entities that are part of an open maintenance window in the service analyzer.

In distributed search, which components need to be installed on instances other than the search head?

A. SA-IndexCreationand SA-ITSI-Licensecheckeron indexers.

B. SA-IndexCreationand SA-ITOA on indexers; SA-ITSI-Licensecheckerand SA-UserAccess on the license master.

C. SA-IndexCreationon idexers; SA-ITSI-Licensecheckerand SA-UserAccesson the license master.

D. SA-ITSI-Licensecheckeron indexers.

Which of the following accurately describes base searches used for KPIs in a service?

A. Base searches can be used for multiple services.

B. A base search can only be used by its service and all dependent services.

C. All the metrics in a base search are used by one service.

D. All the KPIs in a service use the same base search.

Which scenario would benefit most by implementing ITSI?

A. Monitoring of business services functionality.

B. Monitoring of system hardware.

C. Monitoring of system process statuses.

D. Monitoring of retail sales metrics.

Which of the following is an advantage of using adaptive time thresholds?

A. Automatically update thresholds daily to manage dynamic changes to KPI values.

B. Automatically adjust KPI calculation to manage dynamic event data.

C. Automatically adjust aggregation policy grouping to manage escalating severity.

D. Automatically adjust correlation search thresholds to adjust sensitivity over time.

Which of the following applies when configuring time policies for KPI thresholds?

A. A person can only configure 24 policies, one for each hour of the day.

B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00

C. If a person expects a KPI to change significantly through a cycle on a daily basis, don't use it.

D. It is possible for multiple time policies to overlap.

When changing a service template, which of the following will be added to linked services by default?

A. Thresholds.

B. Entity Rules.

C. New KPIs.

D. Health score.

Where are KPI search results stored?

A. The default index.

B. KV Store.

C. Output to a CSV lookup.

D. The itsi_summaryindex.

Which capabilities are enabled through “teams”?

A. Teams allow searches against the itsi_summaryindex.

B. Teams restrict notable event alert actions.

C. Teams restrict searches against the itsi_notable_auditindex.

D. Teams allow restrictions to service content in UI views.

In maintenance mode, which features of KPIs still function?

A. KPI searches will execute but will be buffered until the maintenance window is over.

B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summaryindex.

C. New KPIs can be created, but existing KPIs are locked.

D. KPI calculations and threshold settings can be modified.

Which index contains ITSI Episodes?

A. itsi_tracked_alerts

B. itsi_grouped_alerts

C. itsi_notable_archive

D. itsi_summary

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?

A. Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.

B. Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.

C. Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.

D. Select “No” for both “Split by Entity” and “Filter to Entities in Service”.

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

A. Copy SA-IndexCreationto all indexers.

B. Copy SA-IndexCreationto the etc/apps directory on the index cluster master node.

C. Extract installer package into etc/apps directory of the cluster deployer node.

D. Extract ITSI app package into etc/apps directory of search head.

When must a service define entity rules?

A. If the intention is for the KPIs in the service to filter to only entities assigned to the service.

B. To enable entity cohesion anomaly detection.

C. If some or all of the KPIs in the service will be split by entity.

D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.