Pass SPLK-3002 Exam in First Attempt Guaranteed 100% Cover Real Exam Questions [Nov-2021]
Valid SPLK-3002 test answers & Splunk SPLK-3002 exam pdf
Splunk SPLK-3002 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
| Topic 12 |
|
| Topic 13 |
|
| Topic 14 |
|
| Topic 15 |
|
NEW QUESTION 21
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?
- A. 1 year.
- B. 9 months.
- C. 3 months.
- D. 6 months.
Answer: D
Explanation:
Explanation
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
NEW QUESTION 22
Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)
- A. ITSI backups are stored as a collection of JSON formatted files.
- B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
- C. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
- D. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.
Answer: A,D
Explanation:
Explanation
ITSI provides a kvstore_to_json.py script that lets you backup/restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file.
NEW QUESTION 23
Which capabilities are enabled through "teams"?
- A. Teams allow searches against the itsi_summary index.
- B. Teams restrict searches against the itsi_notable_audit index.
- C. Teams restrict notable event alert actions.
- D. Teams allow restrictions to service content in UI views.
Answer: A
Explanation:
Explanation
Teams provide presentation-layer security only and not data-level security. It's still possible for a user with access to the Splunk search bar to look up ITSI summary index data.
NEW QUESTION 24
When installing ITSI to support a Distributed Search Architecture, which of the following items apply?
(Choose all that apply.)
- A. Extract ITSI app package into etc/apps directory of search head.
- B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
- C. Copy SA-IndexCreation to all indexers.
- D. Extract installer package into etc/apps directory of the cluster deployer node.
Answer: C
Explanation:
Explanation
Copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on all individual indexers in your environment.
NEW QUESTION 25
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)
- A. Deployments should use fastest possible disk arrays for indexers.
- B. Deployments often require an increase of hardware resources above base Splunk requirements.
- C. Deployments require a dedicated ITSI search head.
- D. Deployments may increase the number of required indexers based on the number of KPI searches.
Answer: B,C,D
Explanation:
Explanation
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.
Install Splunk Enterprise Security on a dedicated search head or search head cluster.
The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.
NEW QUESTION 26
Which of the following describes a realistic troubleshooting workflow in ITSI?
- A. Correlation search -> KPI -> Aggregation Policy
- B. Correlation Search -> Deep Dive -> Notable Event
- C. Service Analyzer -> Notable Event Review -> Deep Dive
- D. Service Analyzer -> Aggregation Policy -> Deep Dive
Answer: B
NEW QUESTION 27
What is the main purpose of the service analyzer?
- A. Monitor overall Service and KPI status.
- B. Trigger external alerts based on threshold violations.
- C. Display a list of All Services and Entities.
- D. Allow Analysts to add comments to Alerts.
Answer: D
NEW QUESTION 28
In maintenance mode, which features of KPIs still function?
- A. KPI calculations and threshold settings can be modified.
- B. New KPIs can be created, but existing KPIs are locked.
- C. KPI searches will execute but will be buffered until the maintenance window is over.
- D. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
Answer: C
Explanation:
Explanation
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
NEW QUESTION 29
Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.)
- A. Visualizing one or more Service KPIs values by time.
- B. Comparing swim lane values for a slice of time.
- C. Comparing a service's notable events over a time period.
- D. Examining and comparing alert levels for KPIs in a service over time.
Answer: A,B,D
NEW QUESTION 30
When in maintenance mode, which of the following is accurate?
- A. Once the window is over, KPIs and notable events will begin to be generated again.
- B. Maintenance mode slots are scheduled on a per hour basis.
- C. KPIs are shown in blue while in maintenance mode.
- D. Service health scores and KPI events are deleted until the window is over.
Answer: A
NEW QUESTION 31
Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?
- A. Analyze the business to determine the most critical services.
- B. Only include KPIs if they will be used in multiple services.
- C. Define a large number of key services early.
- D. Focus on low-level services.
Answer: B
NEW QUESTION 32
Which of the following best describes a default deep dive?
- A. It initially shows all the entity swim lanes.
- B. It initially shows the health scores for all services.
- C. It initially shows all of the KPIs for a selected service.
- D. It initially shows the highest importance KPIs.
Answer: A
NEW QUESTION 33
When must a service define entity rules?
- A. If some or all of the KPIs in the service will be split by entity.
- B. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
- C. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
- D. To enable entity cohesion anomaly detection.
Answer: B
Explanation:
Explanation
Provide a value to filter the service to a specific set of entities. These entity rule values are meant to be custom for each service.
NEW QUESTION 34
In distributed search, which components need to be installed on instances other than the search head?
- A. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
- B. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.
- C. SA-IndexCreation on idexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
- D. SA-ITSI-Licensechecker on indexers.
Answer: B
Explanation:
Explanation
SA-IndexCreation is required on all indexers. For non-clustered, distributed environments, copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on individual indexers.
NEW QUESTION 35
Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?
- A. Service dependencies.
- B. Service templates.
- C. Ad-hoc search.
- D. Service swapping.
Answer: C
NEW QUESTION 36
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
- A. SA-ITOA
- B. SA-ITSI-Licensechecker
- C. All ITSI components
- D. ITSI app
Answer: B
Explanation:
Explanation
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
NEW QUESTION 37
Which ITSI functions generate notable events? (Choose all that apply.)
- A. KPI anomaly detection.
- B. Correlation search.
- C. Multi-KPI alert.
- D. KPI threshold breaches.
Answer: A,B,D
Explanation:
Explanation
After you configure KPI thresholds, you can set up alerts to notify you when aggregate KPI severities change.
ITSI generates notable events in Episode Review based on the alerting rules you configure.
Anomaly detection generates notable events when a KPI IT Service Intelligence (ITSI) deviates from an expected pattern.
Notable events are typically generated by a correlation search.
NEW QUESTION 38
Which scenario would benefit most by implementing ITSI?
- A. Monitoring of system hardware.
- B. Monitoring of business services functionality.
- C. Monitoring of system process statuses
- D. Monitoring of retail sales metrics.
Answer: B
NEW QUESTION 39
Which of the following is a recommended best practice for service and glass table design?
- A. Plan and implement services first, then build detailed glass tables.
- B. Design glass tables first to discover which KPIs are important.
- C. Start with base searches, then services, and then glass tables.
- D. Always use the standard icons for glass table widgets to improve portability.
Answer: B
NEW QUESTION 40
......
SPLK-3002 Exam Questions – Valid SPLK-3002 Dumps Pdf: https://www.testsimulate.com/SPLK-3002-study-materials.html