Question # 4

When in maintenance mode, which of the following is accurate?

A. Once the window is over, KPIs and notable events will begin to be generated again.

B. KPIs are shown in blue while in maintenance mode.

C. Maintenance mode slots are scheduled on a per hour basis.

D. Service health scores and KPI events are deleted until the window is over.

Question # 5

Which of the following is a characteristic of notable event groups?

A. Notable event groups combine independent notable events.

B. Notable event groups are created in the itsi_tracked_alerts index.

C. Notable event groups allow users to adjust threshold settings.

D. All of the above.

Question # 6

Which scenario would benefit most by implementing ITSI?

A. Monitoring of business services functionality.

B. Monitoring of system hardware.

C. Monitoring of system process statuses.

D. Monitoring of retail sales metrics.

Question # 7

Which of the following is a good use case for a Multi-KPI alert?

A. Alerting when the values of two or more KPIs go into maintenance mode.

B. Alerting when the trend of two or more KPIs indicates service failure is imminent.

C. Alerting when two or more KPIs are deviating from their typical pattern.

D. Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.

Question # 8

Which of the following services often has KPIs but no entities?

A. Security Service.

B. Network Service.

C. Business Service.

D. Technical Service.

Question # 9

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

A. Use | stats functions in custom fields to prepare the data for KPI calculations.

B. Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

C. Make sure that all fields conform to CIM, then use the corresponding module to import related services.

D. Plan to build as many data models as possible for ITSI to leverage.

Question # 10

What happens when an anomaly is detected?

A. A separate correlation search needs to be created in order to see it.

B. A SNMP trap will be sent.

C. An anomaly alert will appear in core Splunk, in index=main.

D. An anomaly alert will appear as a notable event in Episode Review.

Question # 11

Which of the following items apply to anomaly detection? (Choose all that apply.)

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.

B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Question # 12

Which of the following can generate notable events?

A. Through ad-hoc search results which get processed by adaptive thresholds.

B. When two entity aliases have a matching value.

C. Through scheduled correlation searches which link to their respective services.

D. Manually selected using the Notable Event Review panel.

Question # 13

Which of the following describes entities? (Choose all that apply.)

A. Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or MAC address.

B. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.

C. Multiple entities can share the same alias value, but must have different role values.

D. To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.

Question # 14

Which of the following is a best practice when configuring maintenance windows?

A. Disable any glass tables that reference a KPI that is part of an open maintenance window.

B. Develop a strategy for configuring a service’s notable event generation when the service’s maintenance window is open.

C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.

D. Change the color of services and entities that are part of an open maintenance window in the service analyzer.

Question # 15

When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

A. Service, status, owner.

B. Severity, status, owner.

C. Severity, comments, service.

D. Severity, status, service.

Question # 16

In distributed search, which components need to be installed on instances other than the search head?

A. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.

B. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

D. SA-ITSI-Licensechecker on indexers.

Question # 17

Which of the following applies when configuring time policies for KPI thresholds?

A. A person can only configure 24 policies, one for each hour of the day.

B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00.

C. If a person expects a KPI to change significantly through a cycle on a daily basis, don’t use it.

D. It is possible for multiple time policies to overlap.

Question # 18

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

A. Create service templates for each group and create the services from the templates.

B. Create teams for each department and assign KPIs to each team.

C. Create services for each group and set the permissions of the services to restrict them to each group.

D. Create teams for each department and assign services to the teams.

Question # 19

Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

A. Service templates.

B. Service dependencies.

C. Ad-hoc search.

D. Service swapping.

Question # 20

In which index are active notable events stored?

A. itsi_notable_archive

B. itsi_notable_audit

C. itsi_tracked_alerts

D. itsi_tracked_groups

Question # 21

Which of the following items describe ITSI teams? (select all that apply)

A. Teams should have itoa admin roles added with read-only permissions for services and entities.

B. Services should be assigned to the 'global' team if all users need access to it.

C. By default, all services are owned by the built-in 'global' team and administered by the 'itoa_admin' role.

D. A new team admin role should be created for each team. The new role should inherit the 'itoa_team_admin' role.

Question # 22

Which of the following is a recommended best practice for ITSI installation?

A. ITSI should not be installed on search heads that have Enterprise Security installed.

B. Before installing ITSI, make sure the Common Information Model (CIM) is installed.

C. Install the Machine Learning Toolkit app if anomaly detection must be configured.

D. Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Question # 23

Which index contains ITSI Episodes?

A. itsi_tracked_alerts

B. itsi_grouped_alerts

C. itsi_notable_archive

D. itsi_summary

Question # 24

What is an episode?

A. A workflow task.

B. A deep dive.

C. A notable event group.

D. A notable event.

Question # 25

How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?

A. Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.

B. Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.

C. Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.

D. Select “No” for both “Split by Entity” and “Filter to Entities in Service”.

Question # 26

What is the minimum number of entities a KPI must be split by in order to use Entity Cohesion anomaly detection?

A. 3

B. 4

C. 5

D. 2

Question # 27

What is the range for a normal Service Health score category?

A. 20-40

B. 40-60

C. 60-80

D. 80-100
