SPLK-3002 Online Practice Questions and Answers

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

A. Only include KPIs if they will be used in multiple services.

B. Analyze the business to determine the most critical services.

C. Focus on low-level services.

D. Define a large number of key services early.

In distributed search, which components need to be installed on instances other than the search head?

A. SA-IndexCreationand SA-ITSI-Licensecheckeron indexers.

B. SA-IndexCreationand SA-ITOA on indexers; SA-ITSI-Licensecheckerand SA-UserAccess on the license master.

C. SA-IndexCreationon idexers; SA-ITSI-Licensecheckerand SA-UserAccesson the license master.

D. SA-ITSI-Licensecheckeron indexers.

When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

A. SA-ITOA

B. ITSI app

C. All ITSI components

D. SA-ITSI-Licensechecker

Which of the following describes a realistic troubleshooting workflow in ITSI?

A. Correlation Search –andgt; Deep Dive –andgt; Notable Event

B. Service Analyzer –andgt; Notable Event Review –andgt; Deep Dive

C. Service Analyzer –andgt; Aggregation Policy –andgt; Deep Dive

D. Correlation search –andgt; KPI –andgt; Aggregation Policy

What is the default importance value for dependent services’ health scores?

A. 11

B. 1

C. Unassigned

D. 10

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

A. Use | stats functions in custom fields to prepare the data for KPI calculations.

B. Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

C. Make sure that all fields conform to CIM, then use the corresponding module to import related services.

D. Plan to build as many data models as possible for ITSI to leverage

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

A. Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.

B. Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.

C. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summaryindex.

D. Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Which of the following is a good use case regarding defining entities for a service?

A. Automatically associate entities to services using multiple entity aliases.

B. All of the entities have the same identifying field name.

C. Being able to split a CPU usage KPI by host name.

D. KPI total values are aggregated from multiple different category values in the source events.

When in maintenance mode, which of the following is accurate?

A. Once the window is over, KPIs and notable events will begin to be generated again.

B. KPIs are shown in blue while in maintenance mode.

C. Maintenance mode slots are scheduled on a per hour basis.

D. Service health scores and KPI events are deleted until the window is over.