Free SPLK-3002 Sample Questions — Splunk IT Service Intelligence Certified Admin

Free SPLK-3002 sample questions for the Splunk IT Service Intelligence Certified Admin exam. No account required: study at your own pace.

Question 1

Which scenario would benefit most by implementing ITSI?

  • A. Monitoring of business services functionality
  • B. Monitoring of system hardware
  • C. Monitoring of system process statuses
  • D. Monitoring of retail sales metrics
Correct Answer:
A. Monitoring of business services functionality
Question 2

When must a service define entity rules?

  • A. If the intention is for the KPIs in the service to filter to only entities assigned to the service
  • B. To enable entity cohesion anomaly detection
  • C. If some or all of the KPIs in the service will be split by entity
  • D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values
Correct Answer:
A. If the intention is for the KPIs in the service to filter to only entities assigned to the service
Question 3

Which of the following best describes a default deep dive?

  • A. It initially shows the health scores for all services
  • B. It initially shows the highest importance KPIs
  • C. It initially shows all of the KPIs for a selected service
  • D. It initially shows all the entity swim lanes
Correct Answer:
C. It initially shows all of the KPIs for a selected service
Question 4

What is an episode?

  • A. workflow task
  • B. deep dive
  • C. notable event group
  • D. notable event
Correct Answer:
C. notable event group
Question 5

Anomaly detection can be enabled on which one of the following?

  • A. KPI
  • B. Multi-KPI alert
  • C. Entity
  • D. Service
Correct Answer:
A. KPI
Question 6

Which of the following accurately describes base searches used for KPIs in a service?

  • A. Base searches can be used for multiple services
  • B. A base search can only be used by its service and all dependent services
  • C. All the metrics in a base search are used by one service
  • D. All the KPIs in a service use the same base search
Correct Answer:
A. Base searches can be used for multiple services
Question 7

Which of the following is not true about anomaly detection?

  • A. It can analyze per-entity behavior
  • B. It is configured at the service level
  • C. It looks for a deviation from a historic pattern
  • D. Its results are stored in the anomaly_detection index
Correct Answer:
B. It is configured at the service level
Question 8

When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?

  • A. SA-ITOA
  • B. ITSI app
  • C. All ITSI components
  • D. SA-ITSI-Licensechecker
Correct Answer:
C. All ITSI components
Question 9

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

  • A. Ping a host
  • B. Send email
  • C. Include in RSS feed
  • D. Run a script
Correct Answer:
  • B. Send email
  • C. Include in RSS feed
  • D. Run a script
Question 10

What is the default importance value for dependent services’ health scores?

  • A. 11
  • B. 1
  • C. Unassigned
  • D. 10
Correct Answer:
A. 11
Question 11

In distributed search, which components need to be installed on instances other than the search head?

  • A. SA-IndexCreation and SA-ITSI-Licensechecker on indexers
  • B. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master
  • C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master
  • D. SA-ITSI-Licensechecker on indexers
Correct Answer:
C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master
Question 12

What is the main purpose of the service analyzer?

  • A. Display a list of All Services and Entities
  • B. Trigger external alerts based on threshold violations
  • C. Allow Analysts to add comments to Alerts
  • D. Monitor overall Service and KPI status
Correct Answer:
D. Monitor overall Service and KPI status
Question 13

After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

  • A. 6 months
  • B. 9 months
  • C. 1 year
  • D. 3 months
Correct Answer:
A. 6 months
Question 14

Which capabilities are enabled through “teams”?

  • A. Teams allow searches against the itsi_summary index
  • B. Teams restrict notable event alert actions
  • C. Teams restrict searches against the itsi_notable_audit index
  • D. Teams allow restrictions to service content in UI views
Correct Answer:
D. Teams allow restrictions to service content in UI views
Question 15

Which index will contain useful error messages when troubleshooting ITSI issues?

  • A. _introspection
  • B. _internal
  • C. itsi_summary
  • D. itsi_notable_audit
Correct Answer:
B. _internal