Splunk splk-3002 practice test

Splunk IT Service Intelligence Certified Admin Exam


Question 1

When in maintenance mode, which of the following is accurate?

  • A. Once the window is over, KPIs and notable events will begin to be generated again.
  • B. KPIs are shown in blue while in maintenance mode.
  • C. Maintenance mode slots are scheduled on a per hour basis.
  • D. Service health scores and KPI events are deleted until the window is over.
Answer:

A

Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/REBestPractice


Question 2

When must a service define entity rules?

  • A. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
  • B. To enable entity cohesion anomaly detection.
  • C. If some or all of the KPIs in the service will be split by entity.
  • D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
Answer:

A

Explanation:
Provide a value to filter the service to a specific set of entities. These entity rule values are meant to
be custom for each service.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/EntityRules


Question 3

Which of the following is a valid type of Multi-KPI Alert?

  • A. Score over composite.
  • B. Value over time.
  • C. Status over time.
  • D. Rise over run.
Answer:

C

Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA


Question 4

When installing ITSI to support a Distributed Search Architecture, which of the following items apply?
(Choose all that apply.)

  • A. Copy SA-IndexCreation to all indexers.
  • B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
  • C. Extract installer package into etc/apps directory of the cluster deployer node.
  • D. Extract ITSI app package into etc/apps directory of search head.
Answer:

A

Explanation:
Copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on all individual indexers in your environment.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallSHC


Question 5

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

  • A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
  • B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
  • C. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.
  • D. ITSI backups are stored as a collection of JSON formatted files.
Answer:

C, D

Explanation:
ITSI provides a kvstore_to_json.py script that lets you backup/restore ITSI configuration data,
perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI
search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP
file.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/kvstorejson
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/BackupandRestoreITSIconfig


Question 6

How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for
each entity?

  • A. Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.
  • B. Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.
  • C. Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.
  • D. Select “No” for both “Split by Entity” and “Filter to Entities in Service”.
Answer:

A

Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch


Question 7

There are two departments using ITSI: Finance and Sales. Analysts in each department should not be
allowed to see each other's services. What are the role configuration steps required to accomplish
this?

  • A. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
  • B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
  • C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
  • D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
Answer:

C


Question 8

For which ITSI function is it a best practice to use a 15-30 minute time buffer?

  • A. Correlation searches.
  • B. Adaptive thresholding.
  • C. Maintenance windows.
  • D. Anomaly detection.
Answer:

C

Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and
after you start and stop your maintenance work. This gives the system an opportunity to catch up
with the maintenance state and reduces the chances of ITSI generating false positives during
maintenance operations.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW


Question 9

Which of the following is a good use case regarding defining entities for a service?

  • A. Automatically associate entities to services using multiple entity aliases.
  • B. All of the entities have the same identifying field name.
  • C. Being able to split a CPU usage KPI by host name.
  • D. KPI total values are aggregated from multiple different category values in the source events.
Answer:

A

Explanation:
Define entities before creating services. When you configure a service, you can specify entity
matching rules based on entity aliases that automatically add the entities to your service.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Entity/About


Question 10

Which of the following are the default ports that must be configured on Splunk to use ITSI?

  • A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
  • B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
  • C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
  • D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)
Answer:

C

Reference:
https://splunk.github.io/docker-splunk/ARCHITECTURE.html
