Splunk SPLK-3002 Exam Practice Test Instant Access

Question 1

Within a correlation search, dynamic field values can be specified with what syntax?

Afieldname

B<fieldname /fieldname>

C%fieldname%

Deval(fieldname)

Answer : A

Question 2

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

APing a host.

BSend email.

CInclude in RSS feed.

DRun a script.

Answer : B, C, D

Question 3

Anomaly detection can be enabled on which one of the following?

AKPI

BMulti-KPI alert

CEntity

DService

Answer : A

Question 4

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

AService access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.

BEntities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.

CServices, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.

DBackfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

Answer : A, C

Question 5

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

ADeployments often require an increase of hardware resources above base Splunk requirements.

BDeployments require a dedicated ITSI search head.

CDeployments may increase the number of required indexers based on the number of KPI searches.

DDeployments should use fastest possible disk arrays for indexers.

Answer : A, B, C

Question 6

When changing a service template, which of the following will be added to linked services by default?

AThresholds.

BEntity Rules.

CNew KPIs.

DHealth score.

Answer : B

Question 7

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

AUse | stats functions in custom fields to prepare the data for KPI calculations.

BCheck if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

CMake sure that all fields conform to CIM, then use the corresponding module to import related services.

DPlan to build as many data models as possible for ITSI to leverage