Question No : 1
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

• A.6 months.
• B.9 months.
• C.1 year.
• D.3 months.

Show Answers

Answer:
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections

Question No : 2
In maintenance mode, which features of KPIs still function?

• A.KPI searches will execute but will be buffered until the maintenance window is over.
• B.KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
• C.New KPIs can be created, but existing KPIs are locked.
• D.KPI calculations and threshold settings can be modified.

Show Answers

Answer:
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question No : 3
Which of the following describes entities? (Choose all that apply.)

• A.Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address.
• B.An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.
• C.Multiple entities can share the same alias value, but must have different role values.
• D.To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.

Show Answers

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/KPIfilter

Question No : 4
Which of the following is a characteristic of base searches?

• A.Search expression, entity splitting rules, and thresholds are configured at the base search level.
• B.It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
• C.The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
• D.The base search will execute whether or not a KPI needs it.

Show Answers

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question No : 5
What is the main purpose of the service analyzer?

• A.Display a list of All Services and Entities.
• B.Trigger external alerts based on threshold violations.
• C.Allow Analysts to add comments to Alerts.
• D.Monitor overall Service and KPI status.

Show Answers

Answer:

Question No : 6
Which of the following is a recommended best practice for service and glass table design?

• A.Plan and implement services first, then build detailed glass tables.
• B.Always use the standard icons for glass table widgets to improve portability.
• C.Start with base searches, then services, and then glass tables.
• D.Design glass tables first to discover which KPIs are important.

Show Answers

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview

Question No : 7
Anomaly detection can be enabled on which one of the following?

• A.KPI
• B.Multi-KPI alert
• C.Entity
• D.Service

Show Answers

Answer:
Explanation:
Enable anomaly detection to identify trends and outliers in KPI search results that might indicate an issue with your system.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD

Question No : 8
Which of the following items apply to anomaly detection? (Choose all that apply.)

• A.Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.
• B.A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
• C.Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
• D.There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Show Answers

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD

Question No : 9
Which of the following describes a way to delete multiple duplicate entities in ITSI?

• A.Via c CSV upload.
• B.Via the entity lister page.
• C.Via a search using the | deleteentity command.
• D.All of the above.

Show Answers

Answer:
Explanation:
Import entities from CSV files that contain one or more entity definitions. Importing entities from CSV files is an efficient way to define multiple entities.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Entity/ImportCSV

Question No : 10
Which of the following is a valid type of Multi-KPI Alert?

• A.Score over composite.
• B.Value over time.
• C.Status over time.
• D.Rise over run.

Show Answers

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA