1. Home
  2. Splunk
  3. SPLK-3002

Splunk IT Service Intelligence Certified Admin

Exam Details

  • Exam Code
    :SPLK-3002
  • Exam Name
    :Splunk IT Service Intelligence Certified Admin
  • Certification
    :Splunk IT Service Intelligence Certified Admin
  • Vendor
    :Splunk
  • Total Questions
    :53 Q&As
  • Last Updated
    :

Splunk Splunk IT Service Intelligence Certified Admin SPLK-3002 Questions & Answers

  • Question 1:

    When in maintenance mode, which of the following is accurate?

    A. Once the window is over, KPIs and notable events will begin to be generated again.

    B. KPIs are shown in blue while in maintenance mode.

    C. Maintenance mode slots are scheduled on a per hour basis.

    D. Service health scores and KPI events are deleted until the window is over.

  • Question 2:

    Which of the following is a valid type of Multi-KPI Alert?

    A. Score over composite.

    B. Value over time.

    C. Status over time.

    D. Rise over run.

  • Question 3:

    When must a service define entity rules?

    A. If the intention is for the KPIs in the service to filter to only entities assigned to the service.

    B. To enable entity cohesion anomaly detection.

    C. If some or all of the KPIs in the service will be split by entity.

    D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

  • Question 4:

    When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

    A. Copy SA-IndexCreationto all indexers.

    B. Copy SA-IndexCreationto the etc/apps directory on the index cluster master node.

    C. Extract installer package into etc/apps directory of the cluster deployer node.

    D. Extract ITSI app package into etc/apps directory of search head.

  • Question 5:

    How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?

    A. Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.

    B. Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.

    C. Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.

    D. Select “No” for both “Split by Entity” and “Filter to Entities in Service”.

  • Question 6:

    Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

    A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.

    B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.

    C. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.

    D. ITSI backups are stored as a collection of JSON formatted files.

  • Question 7:

    Which of the following is a good use case regarding defining entities for a service?

    A. Automatically associate entities to services using multiple entity aliases.

    B. All of the entities have the same identifying field name.

    C. Being able to split a CPU usage KPI by host name.

    D. KPI total values are aggregated from multiple different category values in the source events.

  • Question 8:

    For which ITSI function is it a best practice to use a 15-30 minute time buffer?

    A. Correlation searches.

    B. Adaptive thresholding.

    C. Maintenance windows

    D. Anomaly detection.

  • Question 9:

    There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?

    A. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

    B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

    C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

    D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

  • Question 10:

    Which of the following best describes a default deep dive?

    A. It initially shows the health scores for all services.

    B. It initially shows the highest importance KPIs.

    C. It initially shows all of the KPIs for a selected service.

    D. It initially shows all the entity swim lanes.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Splunk exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SPLK-3002 exam preparations and Splunk certification application, do not hesitate to visit our Vcedump.com to find your solutions here.