[December 2023] Updated SPLK-3002 pre-exam practice test questions and answers: Splunk IT Service Intelligence study guide [Q10-Q29]

Splunk IT Service Intelligence Certified Admin certification sample answers

Question # 10
Which of the following is an advantage of using adaptive time thresholds?

  • A. Automatically adjust aggregation policy grouping to manage escalating severity.
  • B. Automatically adjust correlation search thresholds to adjust sensitivity over time.
  • C. Automatically adjust KPI calculation to manage dynamic event data.
  • D. Automatically update thresholds daily to manage dynamic changes to KPI values.

Correct answer: D


Question # 11
In distributed search, which components need to be installed on instances other than the search head?

  • A. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.
  • B. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
  • C. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
  • D. SA-ITSI-Licensechecker on indexers.

Correct answer: B

Explanation:
SA-IndexCreation is required on all indexers. In a non-clustered distributed environment, copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on each indexer; in an indexer cluster, distribute it from the cluster manager. SA-ITSI-Licensechecker and SA-UserAccess belong on the license master, not on the indexers, and SA-ITOA stays on the search head as part of the ITSI installation, which rules out A, C and D.


Question # 12
Which of the following is a valid type of Multi-KPI Alert?

  • A. Score over composite.
  • B. Status over time.
  • C. Rise over run.
  • D. Value over time.

Correct answer: D

Explanation:
D is correct because value over time is a valid Multi-KPI alert type in ITSI. A Multi-KPI alert triggers when several KPIs from one or more services meet the configured conditions within a specified time range; value over time evaluates the KPIs' values across that range against the values they held previously. For example, a Multi-KPI alert can trigger when the CPU usage and memory usage KPIs of a service are both above their average values for the last 24 hours. References: Create Multi-KPI alerts in ITSI; Multi-KPI alert conditions in ITSI.


Question # 13
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?

  • A. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
  • B. If this value is set to 0, the scheduler may skip scheduled execution periods.
  • C. If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
  • D. If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.

Correct answer: A

Explanation:
If realtime_schedule is set to 0, the scheduler determines the next run from the scheduled time of the last run, so no execution period is skipped even when the scheduler falls behind. This is called continuous scheduling. The default, realtime_schedule = 1, bases the next run on the current time and may skip periods to keep the search running over the most recent time range; that is the behaviour described by options B, C and D.
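The difference between the two settings only shows up when the scheduler falls behind, for example across a search head restart or when concurrency limits hold a search back. The following Python model, added here and not part of Splunk or of the original page, replays one such stall in both modes and then shows what it means for the event-time coverage of a periodic search such as a KPI search writing to the summary index. It assumes, as labelled in the code, that a run scheduled at time t searches the window [t - interval, t); the real scheduler has further inputs (schedule_window, priority, concurrency) that the model leaves out.

```python
"""Model of how the Splunk scheduler picks a saved search's next run under
realtime_schedule = 1 (the default) versus realtime_schedule = 0 (continuous).

Added example for this page; it is not Splunk code. The real scheduler also
weighs schedule_window, priority and concurrency limits, which this model
leaves out. It reproduces only the behaviour the question is about:
  realtime_schedule = 1: the next run is derived from the current time, so
      periods missed while the scheduler was behind are never dispatched.
  realtime_schedule = 0: the next run is derived from the last run's
      scheduled time, so every period is dispatched, late if necessary.
Times are integer seconds since an arbitrary epoch; `interval` is the cron
period in seconds.
"""


def next_boundary(interval, now):
    """Smallest multiple of `interval` that is >= now."""
    return -(-now // interval) * interval


def runs_after_stall(interval, last_run, resume_at, realtime_schedule):
    """Scheduled times the scheduler dispatches once it resumes.

    last_run  : scheduled time of the last period that actually ran
    resume_at : when the scheduler next gets to consider this search
    Returns the dispatched scheduled times up to and including the first
    period boundary at or after resume_at.
    """
    if interval <= 0:
        raise ValueError("interval must be positive")
    catch_up_to = next_boundary(interval, resume_at)
    if realtime_schedule == 1:
        # Next run computed from the current time: jump straight to the next
        # boundary. Nothing between last_run and now is ever dispatched.
        return [catch_up_to]
    if realtime_schedule == 0:
        # Continuous scheduling: next run is last_run + interval, repeated
        # until caught up. Runs are late, but no period is skipped.
        return list(range(last_run + interval, catch_up_to + 1, interval))
    raise ValueError("realtime_schedule must be 0 or 1")


def uncovered_windows(interval, last_run, runs):
    """Event-time windows that no dispatched run searched.

    Assumption for this example: a run scheduled at t searches [t - interval,
    t), the usual shape of a summary-indexing or KPI search. Returns (start,
    end) gaps between the window following last_run and the latest run.
    """
    searched_from = {t - interval for t in runs}
    return [
        (t, t + interval)
        for t in range(last_run, max(runs), interval)
        if t not in searched_from
    ]


def compare(interval=300, last_run=0, resume_at=1800):
    """Replay the same stall in both modes; returns {mode: {"runs", "gaps"}}."""
    report = {}
    for mode in (1, 0):
        runs = runs_after_stall(interval, last_run, resume_at, mode)
        report[mode] = {"runs": runs, "gaps": uncovered_windows(interval, last_run, runs)}
    return report


if __name__ == "__main__":
    # Constructed scenario: a search on a 5-minute cron that the scheduler
    # could not run for 30 minutes (for example across a search head restart).
    for mode, result in compare().items():
        print(f"realtime_schedule = {mode}: runs={result['runs']}")
        print(f"  unsearched windows: {result['gaps'] or 'none'}")
```

With realtime_schedule = 1 the single catch-up run at 1800 leaves five 5-minute windows unsearched, which in ITSI would appear as a hole in the KPI's history; with realtime_schedule = 0 all six periods are dispatched late but none is skipped. The trade-off is that a continuously scheduled search can build up a backlog, so a search whose results only matter for the present is better left on the default.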


Question # 14
Which of the following describes a way to delete multiple duplicate entities in ITSI?

  • A. Via the entity lister page.
  • B. All of the other options.
  • C. Via a CSV upload.
  • D. Via a search using the | deleteentity command.

Correct answer: B

Explanation:
B is correct because ITSI offers several ways to delete entities in bulk, and each of the other options names one of them. You can upload a CSV to overwrite existing entities with new or updated information, or delete them by setting the action field to delete. You can select multiple entities on the entity lister page and delete them in one step. You can also run a search that pipes the matching entities into the | deleteentity command. References: Create and update entities using a CSV file in ITSI; Delete entities in bulk in ITSI; Delete entities using the | deleteentity command in ITSI.


Question # 15
Anomaly detection can be enabled on which one of the following?

  • A. KPI
  • B. Entity
  • C. Service
  • D. Multi-KPI alert

Correct answer: A

Explanation:
Anomaly detection is enabled per KPI. It identifies trends and outliers in the KPI's search results that might indicate a problem with your system.


Question # 16
Which of the following are deployment recommendations for ITSI? (Choose all that apply.)

  • A. Deployments should use fastest possible disk arrays for indexers.
  • B. Deployments may increase the number of required indexers based on the number of KPI searches.
  • C. Deployments often require an increase of hardware resources above base Splunk requirements.
  • D. Deployments require a dedicated ITSI search head.

Correct answer: B, C, D

Explanation:
ITSI deployments often need hardware above the base Splunk Enterprise requirements, depending on the environment (C). ITSI must be installed on a dedicated search head or search head cluster (D). The Splunk platform scales horizontally by adding indexers, and the number an ITSI deployment needs grows with data volume, data type, retention requirements and search load, which includes the scheduled KPI searches (B). Fast storage helps any Splunk deployment, but "fastest possible disk arrays" is not one of the stated ITSI deployment recommendations (A).


Question # 17
What is the main purpose of the service analyzer?

  • A. Trigger external alerts based on threshold violations.
  • B. Monitor overall Service and KPI status.
  • C. Allow Analysts to add comments to Alerts.
  • D. Display a list of All Services and Entities.

Correct answer: B

Explanation:
The service analyzer is the ITSI dashboard for monitoring the overall status of services and their KPIs. It lists services with their health scores, which summarise how well each service is performing based on its KPIs, shows the status and value of each KPI within a service, and lets you drill down into deep dives or glass tables for further analysis. It helps you spot the issues affecting your services and prioritise them by impact and urgency.
B) Monitor overall Service and KPI status. This is the main purpose: the service analyzer gives a comprehensive, near-real-time view of the health and performance of your services and KPIs.
The other options are not the main purpose of the service analyzer:
D) Display a list of all services and entities. The service analyzer is built around services and their KPIs, not an inventory of entities (the IT components that deliver a service); entities are managed in views such as entity management and the entity health overview.
A) Trigger external alerts based on threshold violations. The service analyzer does not trigger alerts; notifications to external systems or users come from correlation searches and the alert actions configured in ITSI.
C) Allow analysts to add comments to alerts. The service analyzer has no commenting function for alerts.


Question # 18
Which index will contain useful error messages when troubleshooting ITSI issues?

  • A. itsi_notable_audit
  • B. _introspection
  • C. _internal
  • D. itsi_summary

Correct answer: C

Explanation:
C) _internal. The _internal index holds the logs and metrics generated by Splunk processes, such as splunkd.log and metrics.log, and ITSI's own log files under $SPLUNK_HOME/var/log/splunk/ are indexed there as well, so this is where error messages from ITSI components and features end up.
The other indexes will not contain useful error messages:
B) _introspection. Holds resource-usage data (CPU, memory, disk space and so on) for monitoring the performance and health of the Splunk environment, not error messages.
D) itsi_summary. Holds the summarised results of KPI searches, such as health scores, severity levels and threshold values, used to analyse trends and anomalies in your IT services, not error messages.
A) itsi_notable_audit. Holds audit data for notable events and episodes, such as creation time and owner, not error messages.


Question # 19
What is an episode?

  • A. A notable event.
  • B. A deep dive.
  • C. A workflow task.
  • D. A notable event group.

Correct answer: D

Explanation:
An episode is a deduplicated group of notable events that occur as part of a larger sequence, or an incident or period considered in isolation. A single notable event (A) is one member of an episode, not the episode itself, and the other options describe different things.


Question # 20
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

  • A. 9 months.
  • B. 1 year.
  • C. 3 months.
  • D. 6 months.

Correct answer: D

Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.


Question # 21
Within a correlation search, dynamic field values can be specified with what syntax?

  • A. %fieldname%
  • B. fieldname
  • C. <fieldname /fieldname>
  • D. eval(fieldname)

Correct answer: A

Explanation:
In the notable event title and description of an ITSI correlation search, wrap a field name in percent signs (%fieldname%) to substitute that field's value from each search result.
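To see what the %fieldname% syntax does in practice, the following Python snippet, added here and not ITSI code, renders notable event title and description templates against constructed correlation search results, one pair per result row, the way ITSI creates one notable event per result. It assumes (an assumption of this example, not something the page documents) that a token naming a field missing from the row is left in place so the omission is visible. Note the contrast with core Splunk alert actions, which use $result.fieldname$ tokens; mixing the two is a common mistake.

```python
"""Render ITSI-style %fieldname% tokens from correlation search results.

Added example for this page; not ITSI code. ITSI correlation searches insert
dynamic field values into a notable event's title and description by wrapping
the field name in percent signs. This module mimics that substitution.
"""
import re

# A token is a field name between two percent signs. Field names in Splunk
# results may contain letters, digits, underscores, dots and colons.
TOKEN = re.compile(r"%([A-Za-z_][A-Za-z0-9_.:]*)%")


def render(template, row):
    """Replace every %field% in template with row[field].

    Assumption for this example: a token whose field is absent from the row is
    left untouched, so a misspelt field name shows up in the event title
    instead of silently disappearing.
    """
    def substitute(match):
        field = match.group(1)
        if field in row:
            return str(row[field])
        return match.group(0)
    return TOKEN.sub(substitute, template)


def render_notables(title_template, description_template, results):
    """One (title, description) pair per result row, as ITSI creates one
    notable event per correlation search result."""
    return [
        (render(title_template, row), render(description_template, row))
        for row in results
    ]


# Constructed sample results, shaped like the output of a KPI alert search.
SAMPLE_RESULTS = [
    {"service_name": "Web Shop", "kpi": "CPU Utilization",
     "alert_level": "critical", "alert_value": 97, "entity_title": "web-01"},
    {"service_name": "Web Shop", "kpi": "Memory Used",
     "alert_level": "high", "alert_value": 88, "entity_title": "web-02"},
    # alert_value missing on purpose: shows how an absent field is handled
    {"service_name": "Payments", "kpi": "Error Rate",
     "alert_level": "medium", "entity_title": "pay-03"},
]

TITLE = "%service_name%: %kpi% is %alert_level% on %entity_title%"
# A literal percent sign directly after a token: the token is consumed first,
# the trailing "%" stays as text.
DESCRIPTION = "%kpi% reached %alert_value%% (severity %alert_level%)"


if __name__ == "__main__":
    for title, description in render_notables(TITLE, DESCRIPTION, SAMPLE_RESULTS):
        print(title)
        print("  ", description)
```

The third sample row, which lacks alert_value, renders as "Error Rate reached %alert_value%% (severity medium)": the unresolved token stays visible in the description, which is the behaviour this example chose so that a wrong field name in a template is caught in Episode Review rather than hidden.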


Question # 22
What effects does the KPI importance weight of 11 have on the overall health score of a service?

  • A. Importance weight is unused for health scoring.
  • B. It is a minimum health indicator KPI.
  • C. At least 10% of the KPIs will go critical.
  • D. The service will go critical.

Correct answer: B

Explanation:
The KPI importance weight controls how much a KPI contributes to the overall health score of its service. Weights run from 0 to 11: 0 excludes the KPI from the health score calculation, 1 to 10 scale its contribution, and 11 designates the KPI as a minimum health indicator. The correct statement for a weight of 11 is therefore:
B) It is a minimum health indicator KPI. If a KPI with importance 11 reaches critical severity, the service health score drops to critical regardless of the state of the other KPIs.
The other statements do not apply:
A) Importance weight is unused for health scoring. The weight is exactly what health scoring uses; 11 is a valid, special value, not an invalid one.
C) At least 10% of the KPIs will go critical. The weight of one KPI has no effect on the severity of any other KPI.
D) The service will go critical. The service only goes critical when the weight-11 KPI itself becomes critical, not simply because a KPI carries that weight.


Question # 23
Which deep dive swim lane type does not require writing SPL?

  • A. Metric lane.
  • B. KPI lane.
  • C. Event lane.
  • D. Automatic lane.

Correct answer: B

Explanation:
A KPI lane is populated by choosing a service and one of its KPIs from a drop-down list; ITSI supplies the search. Metric lanes and event lanes are driven by an ad hoc SPL search that you write. "Automatic lane" is not a deep dive lane type.


Question # 24
Which deep dive swim lane type does not require writing SPL?

  • A. Automatic lane.
  • B. Metric lane.
  • C. KPI lane.
  • D. Event lane.

Correct answer: C

Explanation:
A KPI lane is a type of deep dive swim lane that does not require writing SPL. You can simply select a service and a KPI from a drop-down list and ITSI will automatically populate the lane with the corresponding data. You can also adjust the threshold settings and time range for the KPI lane. Reference: [KPI Lanes]


Question # 26
When must a service define entity rules?

  • A. If some or all of the KPIs in the service will be split by entity.
  • B. To enable entity cohesion anomaly detection.
  • C. If the intention is for the KPIs in the service to filter to only entities assigned to the service.
  • D. If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

Correct answer: C

Explanation:
Entity rules provide the values that filter a service to a specific set of entities, and the rule values are meant to be specific to each service. C is correct because a service must define entity rules when the KPIs in the service are to be filtered to only the entities assigned to that service. Entity rules match entities to services based on entity aliases or entity metadata. If you enable the "Filter to Entities in Service" option for a KPI, the service needs entity rules so that the KPI search results include only the relevant entities; otherwise the results might include entities that are not part of the service, or exclude entities that are. References: Define entities for a service in ITSI; Configure KPI settings in ITSI.


Question # 27
Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.)

  • A. Examining and comparing alert levels for KPIs in a service over time.
  • B. Comparing a service's notable events over a time period.
  • C. Comparing swim lane values for a slice of time.
  • D. Visualizing one or more Service KPIs values by time.

Correct answer: A, C, D

Explanation:
A deep dive is a dashboard for analysing the historical trends and anomalies of KPIs and metrics in ITSI. It shows a timeline and swim lanes of data that you can customise and filter to investigate issues and perform root-cause analysis. Its capabilities include:
D) Visualising one or more service KPI values by time. You can add KPI swim lanes to show the values and severity levels of one or more KPIs over time, and compare KPIs across services or entities with service swapping or entity splitting.
A) Examining and comparing alert levels for KPIs in a service over time. KPI lanes are coloured by the KPI's alert (severity) level, so the alert levels of a service's KPIs can be read and compared across the whole time range, and you can drill down into the details behind any point in a lane.
C) Comparing swim lane values for a slice of time. The time range selector zooms in or out, and the time brush selects a slice of time so that you can compare the values of all swim lanes for that period.
The remaining option is not a deep dive capability:
B) Comparing a service's notable events over a time period. Deep dives do not display notable events, the alerts ITSI generates when correlation search conditions are met; notable events are worked in Episode Review and can be surfaced on glass tables.


Question # 28
Which of the following is a good use case regarding defining entities for a service?

  • A. All of the entities have the same identifying field name.
  • B. Automatically associate entities to services using multiple entity aliases.
  • C. KPI total values are aggregated from multiple different category values in the source events.
  • D. Being able to split a CPU usage KPI by host name.

Correct answer: B

Explanation:
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.


Question # 29
......

Get the highest score on the Splunk practice tests: https://www.goshiken.com/Splunk/SPLK-3002-mondaishu.html

Verified SPLK-3002 materials here: https://drive.google.com/open?id=1DJzs5-eyMwrL6R6IJVffqlV9K1ipvVBv