Splunk IT Service Intelligence Certified Admin SPLK-3002 Exam Practice Test

Page: 1 / 14
Total 90 questions
Question 1

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)



Answer : A

CopySA-IndexCreationto$SPLUNK_HOME/etc/apps/on all individual indexers in your environment.


A is the correct answer because when installing ITSI to support a distributed search architecture, you need to copy SA-IndexCreation to all indexers. SA-IndexCreation is an app that contains the definitions of the ITSI indexes, such as itsi_summary, itsi_tracked_alerts, itsi_grouped_alerts, etc. You need to copy this app to all indexers to ensure that they can store and search the ITSI data. B is not a correct answer because you do not need to copy SA-IndexCreation to the etc/apps directory on the index cluster master node. The index cluster master node does not store or search data, it only manages the replication and availability of data across the index cluster peers. C is not a correct answer because you do not need to extract the installer package into etc/apps directory of the cluster deployer node. The cluster deployer node is used to distribute apps and configuration updates to the search head cluster members. You need to extract the installer package into etc/shcluster/apps directory of the cluster deployer node instead. D is not a correct answer because you do not need to extract the ITSI app package into etc/apps directory of search head. You need to extract the ITSI app package into etc/shcluster/apps directory of the cluster deployer node and use the deployer to push the app to all search head cluster members. Reference: [Install Splunk IT Service Intelligence on a search head cluster], [Install Splunk IT Service Intelligence on an indexer cluster]

Question 2

Which of the following is a valid type of Multi-KPI Alert?



Answer : B


B is the correct answer because value over time is a valid type of Multi-KPI Alert in ITSI. A Multi-KPI Alert is a type of alert that triggers when multiple KPIs from one or more services meet certain conditions within a specified time range. Value over time is a condition that compares the current value of a KPI to its previous values over a specified time range. For example, you can create a Multi-KPI Alert that triggers when the CPU usage and memory usage of a service are both higher than their average values in the last 24 hours. Reference: [Create Multi-KPI alerts in ITSI], [Multi-KPI alert conditions in ITSI]

Question 3

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)



Answer : B, C, D

Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).


B, C, and D are correct answers because they are the default alert actions that a correlation search can execute besides creating notable events. You can configure a correlation search to send an email, include the results in an RSS feed, or run a custom script when the search matches a defined pattern. Ping a host is not a default alert action for correlation searches. Reference:Configure correlation search settings in ITSI

Question 4

Which of the following is an advantage of an adaptive time threshold?



Answer : B

An adaptive time threshold in the context of Splunk IT Service Intelligence (ITSI) refers to the capability of dynamically adjusting threshold values for Key Performance Indicators (KPIs) based on historical data trends and patterns. This feature allows thresholds to evolve as the 'normal' behavior of KPIs changes over time, ensuring that alerts remain relevant and reduce the likelihood of false positives or negatives. The advantage of this approach is that it accommodates for natural fluctuations in KPI values that may occur due to changes in business operations, seasonality, or other factors, without requiring manual threshold adjustments. This makes the monitoring system more resilient and responsive to actual conditions, improving the overall effectiveness of IT operations management.


Question 5

What effects does the KPI importance weight of 11 have on the overall health score of a service?



Answer : B


The KPI importance weight is a value that indicates how much a KPI contributes to the overall health score of a service. The importance weight can range from 1 (lowest) to 10 (highest). The statement that applies when configuring a KPI importance weight of 11 is:

B) Importance weight is unused for health scoring. This is true because an importance weight of 11 is invalid and cannot be used for health scoring. The maximum value for importance weight is 10.

The other statements do not apply because:

A) At least 10% of the KPIs will go critical. This is not true because an importance weight of 11 does not affect the severity level of any KPIs.

C) The service will go critical. This is not true because an importance weight of 11 does not affect the health score or status of any service.

D) It is a minimum health indicator KPI. This is not true because an importance weight of 11 does not indicate anything about the minimum health level of a KPI.

Question 6

Which scenario would benefit most by implementing ITSI?



Answer : A


Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution that uses artificial intelligence and machine learning to provide insights into the health and performance of IT services. ITSI lets you create services that represent the critical components of your IT infrastructure, such as applications, databases, servers, networks, and so on. You can then monitor the status and performance of these services using key performance indicators (KPIs), which are metrics that measure aspects of service health, such as availability, latency, error rate, and so on. ITSI also provides tools for visualizing, investigating, and alerting on service issues, such as service analyzers, glass tables, deep dives, episode review, and so on. The scenario that would benefit most by implementing ITSI is monitoring of business service functionality, because ITSI enables you to measure and improve the quality and reliability of your IT services and align them with your business objectives. Reference:What is Splunk IT Service Intelligence?

Question 7

Which of the following is the best use case for configuring a Multi-KPI Alert?



Answer : D


A multi-KPI alert is a type of correlation search that is based on defined trigger conditions for two or more KPIs. When trigger conditions occur simultaneously for each KPI, the search generates a notable event. For example, you might create a multi-KPI alert based on two common KPIs: CPU load percent and web requests. A sudden simultaneous spike in both CPU load percent and web request KPIs might indicate a DDOS (Distributed Denial of Service) attack. Multi-KPI alerts can bring such trending behaviors to your attention early, so that you can take action to minimize any impact on performance. Multi-KPI alerts are useful for correlating the status of multiple KPIs across multiple services. They help you identify causal relationships, investigate root cause, and provide insights into behaviors across your infrastructure. The best use case for configuring a multi-KPI alert is to raise an alert when one or more KPIs indicate an outage is occurring, such as when the service health score drops below a certain threshold or when multiple KPIs have critical severity levels. Reference:Create multi-KPI alerts in ITSI

Page:    1 / 14   
Total 90 questions