
[Jan 12, 2022] Ultimate SPLK-3002 Guide to Prepare Free Latest Splunk Practice Tests Dumps
NEW QUESTION 23
Which index is used to store KPI values?
- A. itsi_summary_metrics
- B. itsi_service_health
- C. itsi_summary
- D. itsi_metrics
Answer: A
Explanation:
The IT Service Intelligence (ITSI) metrics summary index, itsi_summary_metrics, is a metrics-based summary index that stores KPI data.
NEW QUESTION 24
Which of the following applies when configuring time policies for KPI thresholds?
- A. A person can only configure 24 policies, one for each hour of the day.
- B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00.
- C. If a person expects a KPI to change significantly through a cycle on a daily basis, don't use it.
- D. It is possible for multiple time policies to overlap.
Answer: D
Explanation:
If you're creating multiple time policies that require the same threshold values, you can save time by copying the threshold levels and their corresponding values from one policy to another.
NEW QUESTION 25
Anomaly detection can be enabled on which one of the following?
- A. KPI
- B. Service
- C. Multi-KPI alert
- D. Entity
Answer: A
Explanation:
Enable anomaly detection to identify trends and outliers in KPI search results that might indicate an issue with your system.
NEW QUESTION 26
When must a service define entity rules?
- A. If some or all of the KPIs in the service will be split by entity.
- B. To enable entity cohesion anomaly detection.
- C. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
- D. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
Answer: D
Explanation:
Provide a value to filter the service to a specific set of entities. These entity rule values are meant to be custom for each service.
NEW QUESTION 27
Which index contains ITSI Episodes?
- A. itsi_notable_archive
- B. itsi_tracked_alerts
- C. itsi_grouped_alerts
- D. itsi_summary
Answer: A
NEW QUESTION 28
For which ITSI function is it a best practice to use a 15-30 minute time buffer?
- A. Adaptive thresholding.
- B. Correlation searches.
- C. Anomaly detection.
- D. Maintenance windows.
Answer: D
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
NEW QUESTION 29
Which of the following is a good use case regarding defining entities for a service?
- A. All of the entities have the same identifying field name.
- B. KPI total values are aggregated from multiple different category values in the source events.
- C. Being able to split a CPU usage KPI by host name.
- D. Automatically associate entities to services using multiple entity aliases.
Answer: D
Explanation:
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.
NEW QUESTION 30
What is the default importance value for dependent services' health scores?
- A. 0
- B. 1
- C. Unassigned
- D. 2
Answer: B
Explanation:
By default, impacting service health scores have an importance value of 11.
NEW QUESTION 31
Which of the following are the default ports that must be configured on Splunk to use ITSI?
- A. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
- B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
- C. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
- D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)
Answer: A
NEW QUESTION 32
Which of the following accurately describes base searches used for KPIs in a service?
- A. Base searches can be used for multiple services.
- B. A base search can only be used by its service and all dependent services.
- C. All the KPIs in a service use the same base search.
- D. All the metrics in a base search are used by one service.
Answer: A
Explanation:
KPI base searches let you share a search definition across multiple KPIs in IT Service Intelligence (ITSI).
Create base searches to consolidate multiple similar KPIs, reduce search load, and improve search performance.
NEW QUESTION 33
There are two departments using ITSI: Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?
- A. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
- B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
- C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
- D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
Answer: A
NEW QUESTION 34
Which of the following is a best practice when configuring maintenance windows?
- A. Change the color of services and entities that are part of an open maintenance window in the service analyzer.
- B. Disable any glass tables that reference a KPI that is part of an open maintenance window.
- C. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
- D. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
Answer: D
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.
NEW QUESTION 35
Which of the following is a valid type of Multi-KPI Alert?
- A. Score over composite.
- B. Rise over run.
- C. Status over time.
- D. Value over time.
Answer: C
NEW QUESTION 36
In distributed search, which components need to be installed on instances other than the search head?
- A. SA-ITSI-Licensechecker on indexers.
- B. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.
- C. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
- D. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
Answer: B
Explanation:
SA-IndexCreation is required on all indexers. For non-clustered, distributed environments, copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on individual indexers.
NEW QUESTION 37
Which capabilities are enabled through "teams"?
- A. Teams allow searches against the itsi_summary index.
- B. Teams restrict searches against the itsi_notable_audit index.
- C. Teams allow restrictions to service content in UI views.
- D. Teams restrict notable event alert actions.
Answer: A
Explanation:
Teams provide presentation-layer security only and not data-level security. It's still possible for a user with access to the Splunk search bar to look up ITSI summary index data.
NEW QUESTION 38
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?
- A. If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
- B. If this value is set to 0, the scheduler may skip scheduled execution periods.
- C. If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
- D. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
Answer: D
Explanation:
If set to 0, the scheduler determines the next scheduled search run time based on the last run time for the search. This is called continuous scheduling.
NEW QUESTION 39
Which of the following is a recommended best practice for service and glass table design?
- A. Always use the standard icons for glass table widgets to improve portability.
- B. Design glass tables first to discover which KPIs are important.
- C. Start with base searches, then services, and then glass tables.
- D. Plan and implement services first, then build detailed glass tables.
Answer: B
NEW QUESTION 40
In maintenance mode, which features of KPIs still function?
- A. New KPIs can be created, but existing KPIs are locked.
- B. KPI calculations and threshold settings can be modified.
- C. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
- D. KPI searches will execute but will be buffered until the maintenance window is over.
Answer: D
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
NEW QUESTION 41
When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?
- A. Gear Icon
- B. Gray
- C. Purple
- D. Blue
Answer: B
Explanation:
Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.
NEW QUESTION 42
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
- A. Run a script.
- B. Send email.
- C. Include in RSS feed.
- D. Ping a host.
Answer: A,B,C
Explanation:
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).
NEW QUESTION 43
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)
- A. Deployments require a dedicated ITSI search head.
- B. Deployments should use fastest possible disk arrays for indexers.
- C. Deployments may increase the number of required indexers based on the number of KPI searches.
- D. Deployments often require an increase of hardware resources above base Splunk requirements.
Answer: A,C,D
Explanation:
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.
Install Splunk Enterprise Security on a dedicated search head or search head cluster.
The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.

