Free SPLK-3002 Exam Braindump Certification Guide: Questions and Answers [Q30-Q53]


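Splunk SPLK-3002 certification exam topics:

Topic / Coverage
Topic 1
  • Install and configure ITSI
  • List ITSI hardware recommendations
  • Describe ITSI deployment options
  • Identify ITSI components
Topic 2
  • Use a data audit to identify service key performance indicators
  • Use service design to implement services in ITSI
  • Thresholds and time policies
Topic 3
  • Identify ITSI features
  • Describe reasons for using ITSI
  • Examine the ITSI user interface
Topic 4
  • Manage notable events
  • Define key notable event terms and their relationships
  • Describe examples of multi-KPI alerts
Topic 5
  • Define multi-KPI alerts
  • Manage notable event storage
  • Aggregation policies
  • Create new aggregation policies
Topic 6
  • Describe the notable event workflow
  • Work with notable events
  • Investigate issues with deep dives
Topic 7
  • Create KPIs using static and adaptive thresholds
  • Use time policies to define flexible thresholds
  • Define entities and modules, and import entities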

 

Question 30
When must a service define entity rules?

  • A. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
  • B. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
  • C. If some or all of the KPIs in the service will be split by entity.
  • D. To enable entity cohesion anomaly detection.

Answer: B

Explanation:
Provide a value to filter the service to a specific set of entities. These entity rule values are meant to be custom for each service.

 

Question 31
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?

  • A. If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
  • B. If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
  • C. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
  • D. If this value is set to 0, the scheduler may skip scheduled execution periods.

Answer: C

Explanation:
If set to 0, the scheduler determines the next scheduled search run time based on the last run time for the search. This is called continuous scheduling.

 

Question 32
When installing ITSI to support a Distributed Search Architecture, which of the following items apply?
(Choose all that apply.)

  • A. Copy SA-IndexCreation to all indexers.
  • B. Extract installer package into etc/apps directory of the cluster deployer node.
  • C. Extract ITSI app package into etc/apps directory of search head.
  • D. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.

Answer: A

Explanation:
Copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on all individual indexers in your environment.

 

Question 33
Which of the following accurately describes base searches used for KPIs in a service?

  • A. All the metrics in a base search are used by one service.
  • B. Base searches can be used for multiple services.
  • C. A base search can only be used by its service and all dependent services.
  • D. All the KPIs in a service use the same base search.

Answer: B

Explanation:
KPI base searches let you share a search definition across multiple KPIs in IT Service Intelligence (ITSI).
Create base searches to consolidate multiple similar KPIs, reduce search load, and improve search performance.

 

Question 34
Where are KPI search results stored?

  • A. The default index.
  • B. Output to a CSV lookup.
  • C. The itsi_summary index.
  • D. KV Store.

Answer: C

Explanation:
Search results are processed, created, and written to the itsi_summary index via an alert action.

 

Question 35
Which of the following describes a realistic troubleshooting workflow in ITSI?

  • A. Service Analyzer -> Aggregation Policy -> Deep Dive
  • B. Correlation Search -> Deep Dive -> Notable Event
  • C. Service Analyzer -> Notable Event Review -> Deep Dive
  • D. Correlation search -> KPI -> Aggregation Policy

Answer: B

 

Question 36
What is the main purpose of the service analyzer?

  • A. Trigger external alerts based on threshold violations.
  • B. Monitor overall Service and KPI status.
  • C. Allow Analysts to add comments to Alerts.
  • D. Display a list of All Services and Entities.

Answer: C

 

Question 37
When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

  • A. Gear Icon
  • B. Purple
  • C. Blue
  • D. Gray

Answer: D

Explanation:
Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.

 

Question 38
When changing a service template, which of the following will be added to linked services by default?

  • A. Thresholds.
  • B. Health score.
  • C. New KPIs.
  • D. Entity Rules.

Answer: D

Explanation:
Link multiple services to a service template to manage them collectively in IT Service Intelligence (ITSI). A service can only be linked to one service template at a time. When you link a service to a service template, any existing KPIs in the service are preserved and KPIs in the template are added to the service. You can choose to append, replace, or keep entity rules.

 

Question 39
Which capabilities are enabled through "teams"?

  • A. Teams allow searches against the itsi_summary index.
  • B. Teams restrict notable event alert actions.
  • C. Teams allow restrictions to service content in UI views.
  • D. Teams restrict searches against the itsi_notable_audit index.

Answer: A

Explanation:
Teams provide presentation-layer security only and not data-level security. It's still possible for a user with access to the Splunk search bar to look up ITSI summary index data.

 

Question 40
Which of the following is an advantage of using adaptive time thresholds?

  • A. Automatically update thresholds daily to manage dynamic changes to KPI values.
  • B. Automatically adjust KPI calculation to manage dynamic event data.
  • C. Automatically adjust aggregation policy grouping to manage escalating severity.
  • D. Automatically adjust correlation search thresholds to adjust sensitivity over time.

Answer: A

 

Question 41
What is the default importance value for dependent services' health scores?

  • A. 0
  • B. 1
  • C. 2
  • D. Unassigned

Answer: B

Explanation:
By default, impacting service health scores have an importance value of 11.

 

Question 42
Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

  • A. Focus on low-level services.
  • B. Define a large number of key services early.
  • C. Analyze the business to determine the most critical services.
  • D. Only include KPIs if they will be used in multiple services.

Answer: D

 

Question 43
Which scenario would benefit most by implementing ITSI?

  • A. Monitoring of system hardware.
  • B. Monitoring of retail sales metrics.
  • C. Monitoring of system process statuses.
  • D. Monitoring of business services functionality.

Answer: D

 

Question 44
Which ITSI functions generate notable events? (Choose all that apply.)

  • A. KPI threshold breaches.
  • B. KPI anomaly detection.
  • C. Multi-KPI alert.
  • D. Correlation search.

Answer: A,B,D

Explanation:
After you configure KPI thresholds, you can set up alerts to notify you when aggregate KPI severities change.
ITSI generates notable events in Episode Review based on the alerting rules you configure.
Anomaly detection generates notable events when a KPI in IT Service Intelligence (ITSI) deviates from an expected pattern.
Notable events are typically generated by a correlation search.

 

Question 45
Which of the following is a valid type of Multi-KPI Alert?

  • A. Score over composite.
  • B. Value over time.
  • C. Status over time.
  • D. Rise over run.

Answer: C

 

Question 46
Which of the following items apply to anomaly detection? (Choose all that apply.)

  • A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
  • B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
  • C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
  • D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Answer: B,C

 

Question 47
After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

  • A. 9 months.
  • B. 1 year.
  • C. 6 months.
  • D. 3 months.

Answer: C

Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.

 

Question 48
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

  • A. Deployments should use fastest possible disk arrays for indexers.
  • B. Deployments require a dedicated ITSI search head.
  • C. Deployments may increase the number of required indexers based on the number of KPI searches.
  • D. Deployments often require an increase of hardware resources above base Splunk requirements.

Answer: B,C,D

Explanation:
You might need to increase the hardware specifications of your own Enterprise Security deployment above the minimum hardware requirements depending on your environment.
Install Splunk Enterprise Security on a dedicated search head or search head cluster.
The Splunk platform uses indexers to scale horizontally. The number of indexers required in an Enterprise Security deployment varies based on the data volume, data type, retention requirements, search type, and search concurrency.

 

Question 49
Two departments use ITSI: Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?

  • A. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
  • B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
  • C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
  • D. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

Answer: B

 

Question 50
Which of the following describes enabling smart mode for an aggregation policy?

  • A. Edit the notable event view, enable smart mode, select "fields", and click "Save"
  • B. Edit the aggregation policy, enable smart mode, select fields to analyze, click "Save"
  • C. Configure -> Policies -> Smart Mode -> Enable, select "fields", click "Save"
  • D. Enable grouping in Notable Event Review, select "Smart Mode", select "fields", and click "Save"

Answer: C

Explanation:
1. From the ITSI main menu, click Configuration > Notable Event Aggregation Policies.
2. Select a custom policy or the Default Policy.
3. Under Smart Mode grouping, enable Smart Mode.
4. Click Select fields. A dialog displays the fields found in your notable events from the last 24 hours.

 

Question 51
......
