Certbus > Splunk > Splunk Certifications > SPLK-3002 > SPLK-3002 Online Practice Questions and Answers

SPLK-3002 Online Practice Questions and Answers

Questions 4

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

A. Only include KPIs if they will be used in multiple services.

B. Analyze the business to determine the most critical services.

C. Focus on low-level services.

D. Define a large number of key services early.

Browse 53 Q&As
Questions 5

Which deep dive swim lane type does not require writing SPL?

A. Event lane.

B. Automatic lane.

C. Metric lane.

D. KPI lane.

Browse 53 Q&As
Questions 6

Which of the following items apply to anomaly detection? (Choose all that apply.)

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it's magic.

B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Browse 53 Q&As
Questions 7

In Episode Review, what is the result of clicking an episode's Acknowledge button?

A. Assign the current user as owner.

B. Change status from New to Acknowledged.

C. Change status from New to In Progress and assign the current user as owner.

D. Change status from New to Acknowledged and assign the current user as owner.

Browse 53 Q&As
Questions 8

What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)

A. Creating glass tables.

B. Correlation search creation.

C. Service swapping configuration.

D. Adding KPI metric lanes to glass tables.

Browse 53 Q&As
Questions 9

Which of the following accurately describes base searches used for KPIs in a service?

A. Base searches can be used for multiple services.

B. A base search can only be used by its service and all dependent services.

C. All the metrics in a base search are used by one service.

D. All the KPIs in a service use the same base search.

Browse 53 Q&As
Questions 10

What effects does the KPI importance weight of 11 have on the overall health score of a service?

A. At least 10% of the KPIs will go critical.

B. Importance weight is unused for health scoring.

C. The service will go critical.

D. It is a minimum health indicator KPI.

Browse 53 Q&As
Questions 11

Which of the following is an advantage of using adaptive time thresholds?

A. Automatically update thresholds daily to manage dynamic changes to KPI values.

B. Automatically adjust KPI calculation to manage dynamic event data.

C. Automatically adjust aggregation policy grouping to manage escalating severity.

D. Automatically adjust correlation search thresholds to adjust sensitivity over time.

Browse 53 Q&As
Questions 12

What is the default importance value for dependent services’ health scores?

A. 11

B. 1

C. Unassigned

D. 10

Browse 53 Q&As
Questions 13

Which of the following is a recommended best practice for service and glass table design?

A. Plan and implement services first, then build detailed glass tables.

B. Always use the standard icons for glass table widgets to improve portability.

C. Start with base searches, then services, and then glass tables.

D. Design glass tables first to discover which KPIs are important.

Browse 53 Q&As
Questions 14

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

A. Deployments often require an increase of hardware resources above base Splunk requirements.

B. Deployments require a dedicated ITSI search head.

C. Deployments may increase the number of required indexers based on the number of KPI searches.

D. Deployments should use fastest possible disk arrays for indexers.

Browse 53 Q&As
Questions 15

Which capabilities are enabled through “teams”?

A. Teams allow searches against the itsi_summaryindex.

B. Teams restrict notable event alert actions.

C. Teams restrict searches against the itsi_notable_auditindex.

D. Teams allow restrictions to service content in UI views.

Browse 53 Q&As
Questions 16

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

A. Ping a host.

B. Send email.

C. Include in RSS feed.

D. Run a script.

Browse 53 Q&As
Questions 17

In maintenance mode, which features of KPIs still function?

A. KPI searches will execute but will be buffered until the maintenance window is over.

B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summaryindex.

C. New KPIs can be created, but existing KPIs are locked.

D. KPI calculations and threshold settings can be modified.

Browse 53 Q&As
Questions 18

Which of the following describes enabling smart mode for an aggregation policy?

A. Configure –andgt; Policies –andgt; Smart Mode –andgt; Enable, select “fields”, click “Save”

B. Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”

C. Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”

D. Edit the notable event view, enable smart mode, select “fields”, and click “Save”

Browse 53 Q&As
Exam Code: SPLK-3002
Exam Name: Splunk IT Service Intelligence Certified Admin
Last Update: Mar 13, 2025
Questions: 53 Q&As

PDF

$49.99

VCE

$55.99

PDF + VCE

$65.99