SPLK-3002 시험 - Splunk실제시험문제와 답 - 53문항

Question No : 1

When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

A.Gray
B.Purple
C.Gear Icon
D.Blue

정답:
Explanation:
Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question No : 2

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

A.A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
B.ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
C.kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.
D.ITSI backups are stored as a collection of JSON formatted files.

정답:
Explanation:
ITSI provides a kvstore_to_json.py script that lets you backup/restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/kvstorejson
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/BackupandRestoreITSIconfi g

Question No : 3

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A.SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
B.SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
C.SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
D.SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

정답:
Explanation:
Reference: https://splunk.github.io/docker-splunk/ARCHITECTURE.html

Question No : 4

Which of the following is an advantage of using adaptive time thresholds?

A.Automatically update thresholds daily to manage dynamic changes to KPI values.
B.Automatically adjust KPI calculation to manage dynamic event data.
C.Automatically adjust aggregation policy grouping to manage escalating severity.
D.Automatically adjust correlation search thresholds to adjust sensitivity over time.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/TimePolicies

Question No : 5

Where are KPI search results stored?

A.The default index.
B.KV Store.
C.Output to a CSV lookup.
D.The itsi_summary index.

정답:
Explanation:
Search results are processed, created, and written to the itsi_summary index via an alert action.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question No : 6

In maintenance mode, which features of KPIs still function?

A.KPI searches will execute but will be buffered until the maintenance window is over.
B.KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C.New KPIs can be created, but existing KPIs are locked.
D.KPI calculations and threshold settings can be modified.

정답:
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question No : 7

Which of the following is a characteristic of base searches?

A.Search expression, entity splitting rules, and thresholds are configured at the base search level.
B.It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
C.The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
D.The base search will execute whether or not a KPI needs it.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question No : 8

Which of the following describes entities? (Choose all that apply.)

A.Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address.
B.An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.
C.Multiple entities can share the same alias value, but must have different role values.
D.To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/KPIfilter

Question No : 9

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

A.Ping a host.
B.Send email.
C.Include in RSS feed.
D.Run a script.

정답:
Explanation:
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/ConfigCS

Question No : 10

Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

A.Deployments often require an increase of hardware resources above base Splunk requirements.
B.Deployments require a dedicated ITSI search head.
C.Deployments may increase the number of required indexers based on the number of KPI searches.
D.Deployments should use fastest possible disk arrays for indexers.

정답:
Explanation:
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment. Install Splunk Enterprise Security on a dedicated search head or search head cluster. The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.
Reference: https://docs.splunk.com/Documentation/ES/latest/Install/DeploymentPlanning

Question No : 11

When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

A.SA-ITOA
B.ITSI app
C.All ITSI components
D.SA-ITSI-Licensechecker

정답:
Explanation:
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallDD

Question No : 12

Which of the following best describes a default deep dive?

A.It initially shows the health scores for all services.
B.It initially shows the highest importance KPIs.
C.It initially shows all of the KPIs for a selected service.
D.It initially shows all the entity swim lanes.

정답:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/DeepDives

Question No : 13

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

A.Use | stats functions in custom fields to prepare the data for KPI calculations.
B.Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
C.Make sure that all fields conform to CIM, then use the corresponding module to import related services.
D.Plan to build as many data models as possible for ITSI to leverage

정답:
Explanation:
Reference: https://newoutlook.it/download/book/splunk/advanced-splunk.pdf

Question No : 14

After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

A.6 months.
B.9 months.
C.1 year.
D.3 months.

정답:
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections

Question No : 15

When changing a service template, which of the following will be added to linked services by default?

A.Thresholds.
B.Entity Rules.
C.New KPIs.
D.Health score.

정답:
Explanation:
Link multiple services to a service template to manage them collectively in IT Service Intelligence (ITSI). A service can only be linked to one service template at a time. When you link a service to a service template, any existing KPIs in the service are preserved and KPIs in the template are added to the service. You can choose to append, replace, or keep entity rules.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/LinkST

Splunk SPLK-3002 시험