Splunk SPLK-3002 Online Practice
Questions and Exam Preparation
SPLK-3002 Exam Details
Exam Code
:SPLK-3002
Exam Name
:Splunk IT Service Intelligence Certified Admin
Certification
:Splunk Certifications
Vendor
:Splunk
Total Questions
:90 Q&As
Last Updated
:Jan 16, 2026
Splunk SPLK-3002 Online Questions &
Answers
Question 1:
In Episode Review, what is the result of clicking an episode's Acknowledge button?
A. Assign the current user as owner. B. Change status from New to Acknowledged. C. Change status from New to In Progress and assign the current user as owner. D. Change status from New to Acknowledged and assign the current user as owner.
D. Change status from New to Acknowledged and assign the current user as owner.
Question 2:
Which ITSI components are required before a module can be created?
A. One or more entity import saved searches. B. One or more services with KPIs and their associated base searches. C. One or more datamodels. D. One or more correlation searches and their associated entities.
C. One or more datamodels.
Question 3:
What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)
A. Creating glass tables. B. Correlation search creation. C. Service swapping configuration. D. Adding KPI metric lanes to glass tables.
A. Creating glass tables. C. Service swapping configuration. D. Adding KPI metric lanes to glass tables.
Question 4:
Which of the following describes entities? (Choose all that apply.)
A. Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address. B. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service. C. Multiple entities can share the same alias value, but must have different role values. D. To automatically restrict the KPI to only the entities in a particular service, select "Filter to Entities in Service".
B. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service. D. To automatically restrict the KPI to only the entities in a particular service, select "Filter to Entities in Service".
Question 5:
Which of the following are the default ports that must be configured on Splunk to use ITSI?
A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628) B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000) C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088) D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)
C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
Question 6:
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
A. Ping a host. B. Send email. C. Include in RSS feed. D. Run a script.
B. Send email. C. Include in RSS feed. D. Run a script.
Question 7:
Which anomaly detection algorithm is included within ITSI?
A. Entity cohesion B. Standard deviation C. Linear regression D. Infantile regression
A. Entity cohesion
Question 8:
What is the default importance value for dependent services' health scores?
A. 11 B. 1 C. Unassigned D. 10
D. 10
Question 9:
When in maintenance mode, which of the following is accurate?
A. Once the window is over, KPIs and notable events will begin to be generated again. B. KPIs are shown in blue while in maintenance mode. C. Maintenance mode slots are scheduled on a per hour basis. D. Service health scores and KPI events are deleted until the window is over.
A. Once the window is over, KPIs and notable events will begin to be generated again.
Question 10:
There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?
A. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst. B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst. C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst. D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Splunk exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SPLK-3002 exam preparations
and Splunk certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.