Stack #4678851
| Question | Answer |
|---|---|
| 1. After a notable event has been closed, how long will the meta data for that event remain in the KVStore by default? A. 6 months B. 9 months C. 1 year D. 3 months | A. 6 months |
| 2. Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment? A. Only include KPIs if they will be used in multiple services. B. Analyze the business to determine the most critic | B. Analyze the business to determine the most critical services. |
| 3. When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view? A. Gray B. Purple C. Gear Icon D. Blue | A. Gray |
| 4. Which deep dive swim lane type does not require writing SPL? A. Event lane. B. Automatic lane. C. Metric lane. D. KPI lane. | D. KPI lane. |
| 5. Which of the following items apply to anomaly detection? (Choose all that apply.) A. Use AD on KPIs that have an unestablished baseline. B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis | B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis. C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern. |
| 6. Which of the following is a best practice when configuring maintenance windows? A. Disable any glass tables that reference a KPI. B. Develop a strategy for configuring a service's notable event generation. C. Give the maintenance window a buffer, for e | C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work. |
| 7. In Episode Review, what is the result of clicking an episode's Acknowledge button? A. Assign the current user as owner. B. Change status from New to Acknowledged. C. Change status from New to In Progress and assign the current user as owner. D. Change | C. Change status from New to In Progress and assign the current user as owner. |
| 8. Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget? A. Service templates. B. Service dependencies. C. Ad-hoc search. D. Service swapping. | D. Service swapping. |
| 9. Which of the following is a characteristic of base searches? A. Search expression, entity splitting rules, and thresholds are configured at the base search level. B. It is possible to filter to entities assigned to the service for calculating the metri | B. It is possible to filter to entities assigned to the service for calculating the metrics for the service's KPIs. |
| 10. What are valid ITSI Glass Table editor capabilities? (Choose all that apply.) A. Creating glass tables. B. Correlation search creation. C. Service swapping configuration. D. Adding KPI metric lanes to glass tables. | A. Creating glass tables. C. Service swapping configuration. D. Adding KPI metric lanes to glass tables. |
| D. Raising an alert when one or more KPIs indicate an outage is occurring. | |
| C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master. | |
| 13. When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)? A. SA-ITOA B. ITSI app C. All ITSI components D. SA-ITSI-Licensechecker | C. All ITSI components |
| 14. Which of the following describes entities? (Choose all that apply.) A. Entities must be IT devices. B. An abstract (pseudo/logical) entity can be used to split by for a KPI. C. Multiple entities can share the same alias value, but must have different | B. An abstract (pseudo/logical) entity can be used to split by for a KPI. D. To automatically restrict the KPI to only the entities in a particular service, select "Filter to Entities in Service". |
| 15. Which of the following describes a realistic troubleshooting workflow in ITSI? A. Correlation Search -> Deep Dive -> Notable Event B. Service Analyzer -> Notable Event Review -> Deep Dive C. Service Analyzer -> Aggregation Policy -> Deep Dive D. Corre | B. Service Analyzer -> Notable Event Review -> Deep Dive |
| 16. Which of the following accurately describes base searches used for KPIs in a service? A. Base searches can be used for multiple services. B. A base search can only be used by its service and all dependent services. C. All the metrics in a base search | A. Base searches can be used for multiple services. |
| 17. Which scenario would benefit most by implementing ITSI? A. Monitoring of business services functionality. B. Monitoring of system hardware. C. Monitoring of system process statuses D. Monitoring of retail sales metrics. | A. Monitoring of business services functionality. |
| 18. ITSI Saved Search Scheduling is configured to use real-time_schedule = 0. Which statement is accurate about this configuration? A. Scheduler bases determination on current time. B. Scheduler bases determination on the last search execution time. C. Sc | B. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time. |
| 19. What effects does the KPI importance weight of 11 have on the overall health score of a service? A. At least 10% of the KPIs will go critical. B. Importance weight is unused for health scoring. C. The service will go critical. D. It is a minimum healt | D. It is a minimum health indicator KPI. |
| 20. Which of the following is an advantage of using adaptive time thresholds? A. Automatically update thresholds daily to manage dynamic changes to KPI values. B. Automatically adjust KPI calculation to manage dynamic event data. C. Automatically adjust a | A. Automatically update thresholds daily to manage dynamic changes to KPI values. |
| 21. Which of the following applies when configuring time policies for KPI thresholds? A. A person can only configure 24 policies. B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00 C. If a person expects a | B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00 |
| 22. What is the main purpose of the service analyzer? A. Display a list of All Services and Entities. B. Trigger external alerts based on threshold violations. C. Allow Analysts to add comments to Alerts. D. Monitor overall Service and KPI status. | D. Monitor overall Service and KPI status. |
| 23. What is the default importance value for dependent services' health scores? A. 11 B. 1 C. Unassigned D. 10 | A. 11 |
| 24. What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data? A. Use \| stats functions in custom fields to prepare the data for KPI calculations. B. Check if the data could leverage pre-built KPIs f | B. Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data. |
| 25. When changing a service template, which of the following will be added to linked services by default? A. Thresholds. B. Entity Rules. C. New KPIs. D. Health score. | C. New KPIs. |
| 26. Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.) A. Comparing a service's notable events over a time period. B. Visualizing one or more Service KPIs values by time. C. Examining and comparing alert levels for | B. Visualizing one or more Service KPIs values by time. C. Examining and comparing alert levels for KPIs in a service over time. D. Comparing swim lane values for a slice of time. |
| 27. What is an episode? A. A workflow task. B. A deep dive. C. A notable event group. D. A notable event. | C. A notable event group. |
| 28. Which index will contain useful error messages when troubleshooting ITSI issues? A. _introspection B. _internal C. itsi_summary D. itsi_notable_audit | B. _internal |
| 29. Which of the following is a recommended best practice for service and glass table design? A. Plan and implement services first, then build detailed glass tables. B. Always use the standard icons for glass table widgets. C. Start with base searches, th | A. Plan and implement services first, then build detailed glass tables. |
| 30. Which of the following are deployment recommendations for ITSI? (Choose all that apply.) A. Deployments often require an increase of hardware resources above base Splunk requirements. B. Deployments require a dedicated ITSI search head. C. Deployments | A. Deployments often require an increase of hardware resources above base Splunk requirements. B. Deployments require a dedicated ITSI search head. C. Deployments may increase the number of required indexers based on the number of KPI searches. |
| 31. What are valid considerations when designing an ITSI Service? (Choose all that apply.) A. Service access control requirements for ITSI Team Access should be considered. B. Entities, entity meta-data, and entity rules should be planned carefully. C. Se | A. Service access control requirements for ITSI Team Access should be considered. B. Entities, entity meta-data, and entity rules should be planned carefully. C. Services, entities, and saved searches are stored in the ITSI app, while events created by KP |
| 32. Anomaly detection can be enabled on which one of the following? A. KPI B. Multi-KPI alert C. Entity D. Service | A. KPI |
| 33. Which index is used to store KPI values? A. itsi_summary_metrics B. itsi_metrics C. itsi_service_health D. itsi_summary | A. itsi_summary_metrics |
| 34. Where are KPI search results stored? A. The default index. B. KV Store. C. Output to a CSV lookup. D. The itsi_summary index. | D. The itsi_summary index. |
| 35. Which ITSI functions generate notable events? (Choose all that apply.) A. KPI threshold breaches. B. KPI anomaly detection. C. Multi-KPI alert. D. Correlation search. | A. KPI threshold breaches. B. KPI anomaly detection. C. Multi-KPI alert. D. Correlation search. |
| 36. Which of the following describes a way to delete multiple duplicate entities in ITSI? A. Via a CSV upload. B. Via the entity lister page. C. Via a search using the \| deleteentity command. D. All of the above. | D. All of the above. |
| 37. Which capabilities are enabled through "teams"? A. Teams allow searches against the itsi_summary index. B. Teams restrict notable event alert actions. C. Teams restrict searches against the itsi_notable_audit index. D. Teams allow restrictions to serv | D. Teams allow restrictions to service content in UI views. |
| 38. Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.) A. Ping a host. B. Send email. C. Include in RSS feed. D. Run a script. | B. Send email. C. Include in RSS feed. D. Run a script. |
| 39. Within a correlation search, dynamic field values can be specified with what syntax? A. fieldname B. <fieldname /fieldname> C. %fieldname% D. eval(fieldname) | C. %fieldname% |
| 40. In maintenance mode, which features of KPIs still function? A. KPI searches will execute but will be buffered until the maintenance window is over. B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index. C. | A. KPI searches will execute but will be buffered until the maintenance window is over. |
| 41. Which index contains ITSI Episodes? A. itsi_tracked_alerts B. itsi_grouped_alerts C. itsi_notable_archive D. itsi_summary | B. itsi_grouped_alerts |
| 42. Which of the following best describes a default deep dive? A. It initially shows the health scores for all services. B. It initially shows the highest importance KPIs. C. It initially shows all of the KPIs for a selected service. D. It initially shows | C. It initially shows all of the KPIs for a selected service. |
| 43. Which of the following describes enabling smart mode for an aggregation policy? A. Configure -> Policies -> Smart Mode -> Enable B. Enable grouping in Notable Event Review C. Edit the aggregation policy, enable smart mode, select fields to analyze, cl | C. Edit the aggregation policy, enable smart mode, select fields to analyze, click "Save" |
| 44. Which of the following are the default ports that must be configured on Splunk to use ITSI? A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628) B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000) C. SplunkWeb (8000), SplunkD (808 | C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088) |
| 45. Which of the following is a good use case regarding defining entities for a service? A. Automatically associate entities to services using multiple entity aliases. B. All of the entities have the same identifying field name. C. Being able to split a C | C. Being able to split a CPU usage KPI by host name. |
| 46. For which ITSI function is it a best practice to use a 15-30 minute time buffer? A. Correlation searches. B. Adaptive thresholding. C. Maintenance windows D. Anomaly detection. | C. Maintenance windows |
| 47. There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this? A. itoa_finance_admin, inherited from itoa_admi | D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst. |
| 48. How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity? A. Select "Yes" for both "Split by Entity" and "Filter to Entities in Service". B. Select "No" for "Split by Entity" and "Yes" for "F | A. Select "Yes" for both "Split by Entity" and "Filter to Entities in Service". |
| 49. Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.) A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted. B. ITSI backup is inclusive of KV Store, ITSI Configur | A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted. C. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups. D. ITSI backups are stored as a collection of JSON form |
| 50. When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.) A. Copy SA-IndexCreation to all indexers. B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master no | A. Copy SA-IndexCreation to all indexers. |
| 51. Which of the following is a valid type of Multi-KPI Alert? A. Score over composite. B. Value over time. C. Status over time. D. Rise over run. | C. Status over time. |
| 52. When must a service define entity rules? A. If the intention is for the KPIs in the service to filter to only entities assigned to the service. B. To enable entity cohesion anomaly detection. C. If some or all of the KPIs in the service will be split | A. If the intention is for the KPIs in the service to filter to only entities assigned to the service. |
| 53. When in maintenance mode, which of the following is accurate? A. Once the window is over, KPIs and notable events will begin to be generated again. B. KPIs are shown in blue while in maintenance mode. C. Maintenance mode slots are scheduled on a per h | A. Once the window is over, KPIs and notable events will begin to be generated again. |
| 54. In which index are active notable events stored? A. itsi_notable_archive B. itsi_notable_audit C. itsi_tracked_alerts D. itsi_tracked_groups | C. itsi_tracked_alerts |
| 55. When a KPI's aggregate value is calculated, which function is called? A. stats B. tstats C. fieldsummary D. eval | B. tstats |
| 56. Which of the following describes default deep dives? A. Are manually generated and can be accessed via the Service Analyzer. B. Include all KPIs of all services. C. Are auto-generated and can be accessed via the Service Analyzer. D. Include health sco | C. Are auto-generated and can be accessed via the Service Analyzer. |
| 57. Which of the following is a problem requiring correction in ITSI? A. Two or more entities with the same service ID. B. Two or more entities with the same entity ID. C. Two or more entities with the same value in a single alias field. D. Two or more en | C. Two or more entities with the same value in a single alias field. |
| 58. Which of the following is a good use case for a Multi-KPI alert? A. Alerting when the values of two or more KPIs go into maintenance mode. B. Alerting when the trend of two or more KPIs indicates service failure is imminent. C. Alerting when two or mo | D. Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring. |
| 59. Which of the following actions can be performed with a deep dive? A. Create a Multi-KPI alert from the deep dive's current state to warn of similar situations in the future. B. Create a predictive analysis model from the deep dive to warn of future se | A. Create a Multi-KPI alert from the deep dive's current state to warn of similar situations in the future. |
| 60. Which of the following is an advantage of an adaptive time threshold? A. Automatically alerting when KPI value patterns change over time. B. Automatically adjusting thresholds as normal KPI values change over time. C. Automatically adjusting to holida | B. Automatically adjusting thresholds as normal KPI values change over time. |
| 61. Which of the following best describes an ITSI Glass Table? A. A view which displays a system topology overlaid with KPI metrics. B. A view which describes a topology. C. A dashboard which displays a system topology. D. A view showing KPI values in a v | A. A view which displays a system topology overlaid with KPI metrics. |
| 62. Which of the following statements describe default glass tables in ITSI? A. The Service Health Score default glass table. B. There is one default glass table per service. C. There is one service template default glass table. D. There are no default gl | D. There are no default glass tables. |
| 63. Which of the following is part of setting up a new aggregation policy? A. Filtering criteria B. Policy version C. Review order D. Module rules | A. Filtering criteria |
| 64. Which of the following is a recommended best practice for ITSI installation? A. ITSI should not be installed on search heads that have Enterprise Security installed. B. Before installing ITSI, make sure the Common Information Model (CIM) is installed. | A. ITSI should not be installed on search heads that have Enterprise Security installed. |
| 65. Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply) A. Memory KPI in a glass table. B. Memory panel of the OS Host Details view in the Operating System module. C. Memory swim lane in a Deep Div | A. Memory KPI in a glass table. B. Memory panel of the OS Host Details view in the Operating System module. C. Memory swim lane in a Deep Dive. D. Service & KPI tiles in the Service Analyzer. |
| 66. How should entities be handled during the data audit phase of requirements gathering? A. Entity meta-data for info and aliases should be identified and recorded as requirements. B. Entities should be noted based upon Service KPI requirements such as ' | A. Entity meta-data for info and aliases should be identified and recorded as requirements. |
| 67. What is the minimum number of entities a KPI must be split by in order to use Entity Cohesion anomaly detection? A. 3 B. 4 C. 5 D. 2 | B. 4 |
| 68. Which of the following statements is accurate when using multiple policies? A. New policies are applied after the default policy. B. Policy processing is applied in a defined order. C. An event can be processed by only a single policy. D. New policies | B. Policy processing is applied in a defined order. |
| 69. Which step is required to install ITSI on a single Search Head? A. Untar the ITSI package in <splunk home>/etc/apps B. Run splunk_apply shcluster-bundle C. Use the Splunk -> Manage Apps Dashboard to download and install. D. All of the above. | A. Untar the ITSI package in <splunk home>/etc/apps |
| 70. What happens when an anomaly is detected? A. A separate correlation search needs to be created in order to see it. B. A SNMP trap will be sent. C. An anomaly alert will appear in core splunk, in index=main. D. An anomaly alert will appear as a notable | D. An anomaly alert will appear as a notable event in Episode Review. |
| 71. After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved? A. Create service templates f | D. Create teams for each department and assign services to the teams. |
| 72. What is the range for a normal Service Health score category? A. 20-40 B. 40-60 C. 60-80 D. 80-100 | D. 80-100 |
| 73. Which of the following are characteristics of ITSI service dependencies? (select all that apply) A. If a primary service has a dependent service KPI and the KPI's importance level is changed, the dependency is broken. B. It is best practice to use the | B. It is best practice to use the dependent service's built-in 'ServiceHealthScore' KPI to reflect impact to the primary service. C. Setting the dependent service KPI importance level will be treated as any other KPI in the primary service's health score. |
| 74. Which of the following can generate notable events? A. Through ad-hoc search results which get processed by adaptive thresholds. B. When two entity aliases have a matching value. C. Through scheduled correlation searches which link to their respective | C. Through scheduled correlation searches which link to their respective services. |
| 75. To use Adaptive Thresholding, what is the minimum requirement for a set of KPI data? A. 14 days old. B. 7 days old. C. 30 days old. D. 10 days old. | B. 7 days old. |
| 76. There are two Smart Mode configuration settings that control how fields affect grouping. Which of these is correct? A. Text deviation and category deviation. B. Text similarity and category deviation. C. Text similarity and category similarity. D. Tex | C. Text similarity and category similarity. |
| 77. How can admins manually control groupings of notable events? A. Correlation searches. B. Multi-KPI alerts. C. notable_event_grouping.conf D. Aggregation policies. | D. Aggregation policies. |
| 78. Which of the following is a characteristic of custom deep dives? A. Allows itoa_analyst roles to add comments. B. Requires at least 7 days' data to show anomalies. C. Combines metric, event, KPI, and service health score lanes. D. Uses drilldown to ge | C. Combines metric, event, KPI, and service health score lanes. |
| 79. When troubleshooting KPI search performance, which search names in job activity identify base searches? A. Indicator - XXXX - Base Search B. Indicator - Shared - xxxx - ITSI Search C. Indicator - Base - xxxx - ITSI Search D. Indicator - Base - XXXX - | C. Indicator - Base - xxxx - ITSI Search |
| 80. Which of the following items describe ITSI teams? (select all that apply) A. Teams should have itoa admin roles added with read-only permissions for services and entities. B. Services should be assigned to the 'global' team if all users need access to | B. Services should be assigned to the 'global' team if all users need access to it. C. By default, all services are owned by the built-in 'global' team and administered by the 'itoa_admin' role. D. A new team admin role should be created for each team. Th |
| 81. Which of the following are characteristics of service templates? (select all that apply) A. Service templates can be modified after services are instantiated from it. B. Service templates contain KPIs and KPI thresholds. C. Service templates can conta | A. Service templates can be modified after services are instantiated from it. B. Service templates contain KPIs and KPI thresholds. C. Service templates can contain specific or generic entity rules. |
| 82. What can a KPI widget on a glass table drill down into? A. Another glass table. B. A Splunk dashboard. C. A custom deep dive. D. Any of the above. | D. Any of the above. |
| 83. Which of the following is a characteristic of notable event groups? A. Notable event groups combine independent notable events. B. Notable event groups are created in the itsi_tracked_alerts index. C. Notable event groups allow users to adjust thresho | A. Notable event groups combine independent notable events. |
| 84. Which of the following services often has KPIs but no entities? A. Security Service. B. Network Service. C. Business Service. D. Technical Service. | C. Business Service. |
| 85. When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level? A. Service, status, owner. B. Severity, status, owner. C. Severity, comments, service. D. Severity, sta | B. Severity, status, owner. |
| 86. Which anomaly detection algorithm is included within ITSI? A. Entity cohesion B. Standard deviation C. Linear regression D. Infantile regression | A. Entity cohesion |
| 87. Which ITSI components are required before a module can be created? A. One or more entity import saved searches. B. One or more services with KPIs and their associated base searches. C. One or more datamodels. D. One or more correlation searches and th | C. One or more datamodels. |
| 88. Which is the least permissive role required to modify default deep dives? A. itoa_analyst B. admin C. power D. itoa_admin | D. itoa_admin |
| 89. How can Service Now incidents be created automatically when a Multi-KPI alert triggers? (select all that apply) A. By creating a custom etc/apps/SA-ITOA/workflow_rules.conf B. By linking Entities to Service-Now configuration items. C. By creating a no | C. By creating a notable event aggregation policy with a SNOW incident action. D. By editing the associated correlation search and specifying an alert action. |
| 90. Which of the following is a good use case for creating a custom module? A. Modules are required to create entity and service import searches. B. Modules are required to be able to create custom visualizations for deep dives. C. Making it easy to migra | C. Making it easy to migrate KPI base searches and related visualizations to other ITSI installations. |
| A. An abstract description of a type of service that can be reused | |
| C. Changes propagate to linked services | |
| C. To adjust thresholds based on specific time periods | |
| 94. What is an entity in ITSI? A. A static object used for display purposes B. A KPI used in service health calculation C. An object in the environment that a service uses D. A predefined Splunk visualisation | C. An object in the environment that a service uses |
| 95. Which feature allows splitting KPI data by entities? A. Service templates B. Base searches C. Entity filters D. Entity splitting in KPI searches | C. Entity filters |
| 96. What is the purpose of importing entities into ITSI? A. To create new Splunk dashboards B. To delete inactive entities C. To automate entity creation and updates D. To modify existing service dependencies | C. To automate entity creation and updates |
| 97. What is a KPI base search in ITSI? A. A search for anomaly detection data B. A search used only for predefined templates C. A search that defines how KPIs are split by entities D. A search that selects a set of events or metric values from KPIs | D. A search that selects a set of events or metric values from KPIs |
| 98. What is the primary purpose of aggregation policies in ITSI? A. To group notable events into actionable episodes B. To create new KPIs for services C. To configure data ingestion settings D. To disable unused correlation searches | A. To group notable events into actionable episodes |