IT認証試験問題集
毎月、GOWUKAKUは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / SPLK-3002 問題集  / SPLK-3002 問題練習

Splunk SPLK-3002 問題練習

Splunk IT Service Intelligence Certified Admin Exam 試験

最新更新時間: 2024/03/19,合計53問。

【2024年3月キャンペーン】:SPLK-3002 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、SPLK-3002 問題集を使用してください。

 / 2

Question No : 1
When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

正解:
Explanation:
Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question No : 2
Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

正解:
Explanation:
ITSI provides a kvstore_to_json.py script that lets you backup/restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/kvstorejson
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/BackupandRestoreITSIconfi g

Question No : 3
Which of the following are the default ports that must be configured on Splunk to use ITSI?

正解:
Explanation:
Reference: https://splunk.github.io/docker-splunk/ARCHITECTURE.html

Question No : 4
Which of the following is an advantage of using adaptive time thresholds?

正解:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/TimePolicies

Question No : 5
Where are KPI search results stored?

正解:
Explanation:
Search results are processed, created, and written to the itsi_summary index via an alert action.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question No : 6
In maintenance mode, which features of KPIs still function?

正解:
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question No : 7
Which of the following is a characteristic of base searches?

正解:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question No : 8
Which of the following describes entities? (Choose all that apply.)

正解:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/KPIfilter

Question No : 9
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

正解:
Explanation:
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/ConfigCS

Question No : 10
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

正解:
Explanation:
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment. Install Splunk Enterprise Security on a dedicated search head or search head cluster. The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.
Reference: https://docs.splunk.com/Documentation/ES/latest/Install/DeploymentPlanning

Question No : 11
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

正解:
Explanation:
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallDD

Question No : 12
Which of the following best describes a default deep dive?

正解:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/DeepDives

Question No : 13
What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

正解:
Explanation:
Reference: https://newoutlook.it/download/book/splunk/advanced-splunk.pdf

Question No : 14
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

正解:
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections

Question No : 15
When changing a service template, which of the following will be added to linked services by default?

正解:
Explanation:
Link multiple services to a service template to manage them collectively in IT Service Intelligence (ITSI). A service can only be linked to one service template at a time. When you link a service to a service template, any existing KPIs in the service are preserved and KPIs in the template are added to the service. You can choose to append, replace, or keep entity rules.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/LinkST

 / 2
Splunk