
[Jan 02, 2022] Fully Updated Dumps PDF - Latest SPLK-3002 Exam Questions and Answers
100% Free SPLK-3002 Exam Dumps to Pass Exam Easily from CertkingdomPDF
NEW QUESTION 22
Which index is used to store KPI values?
- A. itsi_metrics
- B. itsi_summary_metrics
- C. itsi_summary
- D. itsi_service_health
Answer: B
Explanation:
The IT Service Intelligence (ITSI) metrics summary index, itsi_summary_metrics, is a metrics-based summary index that stores KPI data.
NEW QUESTION 23
Which of the following is a good use case regarding defining entities for a service?
- A. Being able to split a CPU usage KPI by host name.
- B. All of the entities have the same identifying field name.
- C. Automatically associate entities to services using multiple entity aliases.
- D. KPI total values are aggregated from multiple different category values in the source events.
Answer: C
Explanation:
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.
NEW QUESTION 24
Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)
- A. ITSI backups are stored as a collection of JSON formatted files.
- B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
- C. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
- D. kvstore_to_json.py can be used in scripts or command line to back up ITSI for full or partial backups.
Answer: A,D
Explanation:
ITSI provides a kvstore_to_json.py script that lets you back up and restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file.
NEW QUESTION 25
Which of the following is a best practice when configuring maintenance windows?
- A. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
- B. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
- C. Change the color of services and entities that are part of an open maintenance window in the service analyzer.
- D. Disable any glass tables that reference a KPI that is part of an open maintenance window.
Answer: B
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.
NEW QUESTION 26
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
- A. SA-ITOA
- B. SA-ITSI-Licensechecker
- C. All ITSI components
- D. ITSI app
Answer: B
Explanation:
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
NEW QUESTION 27
How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?
- A. Select "Yes" for both "Split by Entity" and "Filter to Entities in Service".
- B. Select "No" for both "Split by Entity" and "Filter to Entities in Service".
- C. Select "Yes" for "Split by Entity" and "No" for "Filter to Entities in Service".
- D. Select "No" for "Split by Entity" and "Yes" for "Filter to Entities in Service".
Answer: A
NEW QUESTION 28
Which of the following applies when configuring time policies for KPI thresholds?
- A. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00
- B. If a person expects a KPI to change significantly through a cycle on a daily basis, don't use it.
- C. It is possible for multiple time policies to overlap.
- D. A person can only configure 24 policies, one for each hour of the day.
Answer: C
Explanation:
If you're creating multiple time policies that require the same threshold values, you can save time by copying the threshold levels and their corresponding values from one policy to another.
NEW QUESTION 29
Which of the following items apply to anomaly detection? (Choose all that apply.)
- A. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
- B. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
- C. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
- D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.
Answer: A,C
NEW QUESTION 30
When in maintenance mode, which of the following is accurate?
- A. Once the window is over, KPIs and notable events will begin to be generated again.
- B. Maintenance mode slots are scheduled on a per hour basis.
- C. KPIs are shown in blue while in maintenance mode.
- D. Service health scores and KPI events are deleted until the window is over.
Answer: A
NEW QUESTION 31
In Episode Review, what is the result of clicking an episode's Acknowledge button?
- A. Change status from New to In Progress and assign the current user as owner.
- B. Assign the current user as owner.
- C. Change status from New to Acknowledged and assign the current user as owner.
- D. Change status from New to Acknowledged.
Answer: A
Explanation:
When an episode warrants investigation, the analyst acknowledges the episode, which moves the status from New to In Progress.
NEW QUESTION 32
Which of the following describes enabling smart mode for an aggregation policy?
- A. Edit the notable event view, enable smart mode, select "fields", and click "Save"
- B. Edit the aggregation policy, enable smart mode, select fields to analyze, click "Save"
- C. Enable grouping in Notable Event Review, select "Smart Mode", select "fields", and click "Save"
- D. Configure -> Policies -> Smart Mode -> Enable, select "fields", click "Save"
Answer: D
Explanation:
1. From the ITSI main menu, click Configuration > Notable Event Aggregation Policies.
2. Select a custom policy or the Default Policy.
3. Under Smart Mode grouping, enable Smart Mode.
4. Click Select fields. A dialog displays the fields found in your notable events from the last 24 hours.
NEW QUESTION 33
Which of the following describes entities? (Choose all that apply.)
- A. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.
- B. Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address.
- C. Multiple entities can share the same alias value, but must have different role values.
- D. To automatically restrict the KPI to only the entities in a particular service, select "Filter to Entities in Service".
Answer: D
NEW QUESTION 34
Which ITSI functions generate notable events? (Choose all that apply.)
- A. KPI anomaly detection.
- B. Correlation search.
- C. Multi-KPI alert.
- D. KPI threshold breaches.
Answer: A,B,D
Explanation:
After you configure KPI thresholds, you can set up alerts to notify you when aggregate KPI severities change.
ITSI generates notable events in Episode Review based on the alerting rules you configure.
Anomaly detection in IT Service Intelligence (ITSI) generates notable events when a KPI deviates from an expected pattern.
Notable events are typically generated by a correlation search.
NEW QUESTION 35
When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)
- A. Extract ITSI app package into etc/apps directory of search head.
- B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
- C. Copy SA-IndexCreation to all indexers.
- D. Extract installer package into etc/apps directory of the cluster deployer node.
Answer: C
Explanation:
Copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on all individual indexers in your environment.
NEW QUESTION 36
When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?
- A. Gray
- B. Blue
- C. Gear Icon
- D. Purple
Answer: A
Explanation:
Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.
NEW QUESTION 37
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?
- A. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
- B. If this value is set to 0, the scheduler may skip scheduled execution periods.
- C. If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
- D. If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
Answer: A
Explanation:
If set to 0, the scheduler determines the next scheduled search run time based on the last run time for the search. This is called continuous scheduling.
NEW QUESTION 38
Which of the following best describes a default deep dive?
- A. It initially shows all the entity swim lanes.
- B. It initially shows the health scores for all services.
- C. It initially shows all of the KPIs for a selected service.
- D. It initially shows the highest importance KPIs.
Answer: A
NEW QUESTION 39
After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?
- A. 1 year.
- B. 9 months.
- C. 3 months.
- D. 6 months.
Answer: D
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
NEW QUESTION 40
Which of the following is the best use case for configuring a Multi-KPI Alert?
- A. Raising an alert when one or more KPIs indicate an outage is occurring.
- B. Comparing anomaly detection between two KPIs.
- C. Using machine learning to evaluate when data falls outside of an expected pattern.
- D. Comparing content between two notable events.
Answer: D
NEW QUESTION 41
What is the main purpose of the service analyzer?
- A. Monitor overall Service and KPI status.
- B. Trigger external alerts based on threshold violations.
- C. Display a list of All Services and Entities.
- D. Allow Analysts to add comments to Alerts.
Answer: D
NEW QUESTION 42
What is an episode?
- A. A workflow task.
- B. A deep dive.
- C. A notable event.
- D. A notable event group.
Answer: C
Explanation:
It's a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation.
NEW QUESTION 43
......