
Updated October 2023: the free trial samples for the SPLK-3002 exam engine are updated for 365 days.
Question # 20
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
- A. ITSI app
- B. All ITSI components
- C. SA-ITSI-Licensechecker
- D. SA-ITOA
Correct answer: C
Explanation:
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
Question # 21
Which of the following describes a realistic troubleshooting workflow in ITSI?
- A. Correlation search -> KPI -> Aggregation Policy
- B. Service Analyzer -> Aggregation Policy -> Deep Dive
- C. Service Analyzer -> Notable Event Review -> Deep Dive
- D. Correlation Search -> Deep Dive -> Notable Event
Correct answer: D
Question # 22
When changing a service template, which of the following will be added to linked services by default?
- A. Entity Rules.
- B. New KPIs.
- C. Thresholds.
- D. Health score.
Correct answer: B
Explanation:
C) New KPIs. This is true because when you add new KPIs to a service template, they will be automatically added to all the services that are linked to that template. This helps you keep your services consistent and up-to-date with the latest KPI definitions.
The other options will not be added to linked services by default because:
A) Thresholds. This is not true because when you change thresholds in a service template, they will not affect the existing thresholds in the linked services. You need to manually apply the threshold changes to each linked service if you want them to inherit the new thresholds from the template.
B) Entity rules. This is not true because when you change entity rules in a service template, they will not affect the existing entity rules in the linked services. You need to manually apply the entity rule changes to each linked service if you want them to inherit the new entity rules from the template.
D) Health score. This is not true because when you change health score settings in a service template, they will not affect the existing health score settings in the linked services. You need to manually apply the health score changes to each linked service if you want them to inherit the new health score settings from the template.
Question # 23
Which scenario would benefit most by implementing ITSI?
- A. Monitoring of business services functionality.
- B. Monitoring of system process statuses.
- C. Monitoring of retail sales metrics.
- D. Monitoring of system hardware.
Correct answer: A
Question # 24
What is an episode?
- A. A workflow task.
- B. A notable event.
- C. A notable event group.
- D. A deep dive.
Correct answer: B
Explanation:
It's a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation.
Question # 25
Which ITSI functions generate notable events? (Choose all that apply.)
- A. Correlation search.
- B. KPI threshold breaches.
- C. Multi-KPI alert.
- D. KPI anomaly detection.
Correct answer: A, B, D
Explanation:
After you configure KPI thresholds, you can set up alerts to notify you when aggregate KPI severities change. ITSI generates notable events in Episode Review based on the alerting rules you configure.
Anomaly detection generates notable events when a KPI in IT Service Intelligence (ITSI) deviates from an expected pattern.
Notable events are typically generated by a correlation search.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.1/SI/AboutSI
A, B, and D are correct answers because ITSI can generate notable events when a KPI breaches a threshold, when a KPI detects an anomaly, or when a correlation search matches a defined pattern. These are the main ways that ITSI can alert you to potential issues or incidents in your IT environment. Reference: Configure KPI thresholds in ITSI, Apply anomaly detection to a KPI in ITSI, Generate events with correlation searches in ITSI
Question # 26
Which of the following best describes a default deep dive?
- A. It initially shows the health scores for all services.
- B. It initially shows the highest importance KPIs.
- C. It initially shows all of the KPIs for a selected service.
- D. It initially shows all the entity swim lanes.
Correct answer: C
Explanation:
Reference:
C is the correct answer because a default deep dive initially shows all of the KPIs for a selected service. You can create a default deep dive by drilling down from another dashboard or by selecting a service from the deep dive lister page. A default deep dive does not show health scores, importance scores, or entity swim lanes by default. Reference: [Create default deep dives for services in ITSI]
Question # 27
Which of the following is a good use case regarding defining entities for a service?
- A. Being able to split a CPU usage KPI by host name.
- B. All of the entities have the same identifying field name.
- C. KPI total values are aggregated from multiple different category values in the source events.
- D. Automatically associate entities to services using multiple entity aliases.
Correct answer: D
Explanation:
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.
Reference:
A is the correct answer because defining entities for a service allows you to automatically associate entities to services using multiple entity aliases. Entity aliases are alternative names or identifiers for an entity, such as host name, IP address, MAC address, or DNS name. ITSI matches entity aliases to fields in your data sources and assigns entities to services accordingly. This way, you can avoid manually adding entities to each service and ensure that your services reflect the latest changes in your environment. Reference: Define entities for a service in ITSI
Question # 28
After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?
- A. 3 months.
- B. 6 months.
- C. 1 year.
- D. 9 months.
Correct answer: B
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Question # 29
Which index is used to store KPI values?
- A. itsi_summary
- B. itsi_summary_metrics
- C. itsi_metrics
- D. itsi_service_health
Correct answer: B
Explanation:
The IT Service Intelligence (ITSI) metrics summary index, itsi_summary_metrics, is a metrics-based summary index that stores KPI data.
Question # 30
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)
- A. Deployments should use fastest possible disk arrays for indexers.
- B. Deployments often require an increase of hardware resources above base Splunk requirements.
- C. Deployments require a dedicated ITSI search head.
- D. Deployments may increase the number of required indexers based on the number of KPI searches.
Correct answer: B, C, D
Explanation:
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.
Install Splunk Enterprise Security on a dedicated search head or search head cluster.
The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.
Question # 31
Which of the following describes enabling smart mode for an aggregation policy?
- A. Enable grouping in Notable Event Review, select "Smart Mode", select "fields", and click "Save"
- B. Edit the notable event view, enable smart mode, select "fields", and click "Save"
- C. Edit the aggregation policy, enable smart mode, select fields to analyze, click "Save"
- D. Configure -> Policies -> Smart Mode -> Enable, select "fields", click "Save"
Correct answer: D
Explanation:
1. From the ITSI main menu, click Configuration > Notable Event Aggregation Policies.
2. Select a custom policy or the Default Policy.
3. Under Smart Mode grouping, enable Smart Mode.
4. Click Select fields. A dialog displays the fields found in your notable events from the last 24 hours.
Question # 32
What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)
- A. Correlation search creation.
- B. Creating glass tables.
- C. Adding KPI metric lanes to glass tables.
- D. Service swapping configuration.
Correct answer: B, C, D
Explanation:
Create a glass table to visualize and monitor the interrelationships and dependencies across your IT and business services.
The service swapping settings are saved and apply the next time you open the glass table.
You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. Glass tables show real-time data generated by KPIs and services.
Reference:
The glass table editor is a tool that allows you to create and edit glass tables in ITSI. Some of the capabilities of the glass table editor are:
- Creating glass tables from scratch or from existing templates.
- Configuring service swapping on widgets to toggle displaying metrics from different services.
- Adding KPI metric lanes to glass tables to show historical trends of KPI values.
The glass table editor does not support correlation search creation, which is a separate feature in ITSI that allows you to create searches that look for relationships between data points and generate notable events. Reference: Overview of the glass table editor in ITSI, [Configure service swapping on glass tables], [Add KPI metric lanes to glass tables], [Overview of correlation searches in ITSI]
Question # 33
Within a correlation search, dynamic field values can be specified with what syntax?
- A. <fieldname /fieldname>
- B. fieldname
- C. %fieldname%
- D. eval(fieldname)
Correct answer: B
Question # 34
What are valid considerations when designing an ITSI Service? (Choose all that apply.)
- A. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.
- B. Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.
- C. Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.
- D. Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.
Correct answer: A, C
Question # 35
Within a correlation search, dynamic field values can be specified with what syntax?
- A. fieldname
- B. %fieldname%
- C. eval(fieldname)
- D. <fieldname /fieldname>
Correct answer: D
Explanation:
Reference:
B is the correct answer because dynamic field values can be specified with <fieldname /fieldname> syntax within a correlation search. This syntax allows you to insert values from fields returned by the correlation search into alert actions such as email subject or body. For example, <host /host> inserts the value of the host field into the email. Reference: [Use dynamic field values in correlation searches in ITSI]
Question # 36
Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?
- A. Focus on low-level services.
- B. Define a large number of key services early.
- C. Analyze the business to determine the most critical services.
- D. Only include KPIs if they will be used in multiple services.
Correct answer: C
Explanation:
Reference:
A best practice for identifying the most effective services with which to start an iterative ITSI deployment is to analyze the business to determine the most critical services that have the most impact on revenue, customer satisfaction, or other key performance indicators. You can use the Service Analyzer to prioritize and monitor these services. Reference: Service Analyzer
Question # 37
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
- A. Include in RSS feed.
- B. Run a script.
- C. Send email.
- D. Ping a host.
Correct answer: A, B, C
Explanation:
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).
Reference:
B, C, and D are correct answers because they are the default alert actions that a correlation search can execute besides creating notable events. You can configure a correlation search to send an email, include the results in an RSS feed, or run a custom script when the search matches a defined pattern. Ping a host is not a default alert action for correlation searches. Reference: Configure correlation search settings in ITSI
Question # 38
......
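The Splunk SPLK-3002 certification exam is designed to test the skills and knowledge of IT professionals in the area of Splunk IT Service Intelligence (ITSI). It is aimed at experienced IT professionals who want to become proficient in configuring, managing, and deploying Splunk ITSI in complex IT environments.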