
ExamsBrite Dumps

Splunk IT Service Intelligence Certified Admin Exam Question and Answers

Last Update Feb 28, 2026
Total Questions : 96

Questions 1

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

Options:

A. Ping a host.

B. Send email.

C. Include in RSS feed.

D. Run a script.

Questions 2

In which index are active notable events stored?

Options:

A. itsi_notable_archive

B. itsi_notable_audit

C. itsi_tracked_alerts

D. itsi_tracked_groups

Questions 3

Which anomaly detection algorithm fulfills the paired monitoring requirement?

Options:

A. Detection algorithm: Trending anomaly detection
Monitoring requirement: Produce an alert when an entity deviates from its historical behavior.

B. Detection algorithm: Entity cohesion anomaly detection
Monitoring requirement: Produce an alert when one entity in the KPI is not behaving similarly to other entities in the KPI.

C. Detection algorithm: Trending anomaly detection
Monitoring requirement: Produce an alert when one entity in the KPI is not behaving similarly to other entities in the KPI.

D. Detection algorithm: Entity cohesion anomaly detection
Monitoring requirement: Produce an alert when multiple KPIs in the service deviate from their historical behaviors.

Questions 4

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

Options:

A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.

B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.

C. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.

D. ITSI backups are stored as a collection of JSON formatted files.

Questions 5

Helga has a web service that depends on the database service to provide her website. She configures the database’s “Heartbeat” KPI to be a dependency in the web service. When viewing the services in the Service Analyzer tree‑view she sees a dotted line between the database service and the web service.

What is the meaning of the dotted line and how can Helga fix it?

Options:

A. The “Heartbeat” KPI is not currently affecting the web service health score. Helga needs to make sure the Heartbeat KPI importance value is set to 0.

B. There is a cyclic dependency between the two services. Helga needs to make sure that database service doesn’t have any erroneous dependencies.

C. There is a cyclic dependency between the two services. Helga needs to add additional dependencies to change the dotted line to a solid line.

D. The “Heartbeat” KPI is not currently affecting the web service health score. Helga needs to make sure the web service KPIs’ importance are all set to 11.

Questions 6

Which index will contain useful error messages when troubleshooting ITSI issues?

Options:

A. _introspection

B. _internal

C. itsi_summary

D. itsi_notable_audit

Questions 7

In distributed search, which components need to be installed on instances other than the search head?

Options:

A. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.

B. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

C. SA-IndexCreation on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.

D. SA-ITSI-Licensechecker on indexers.

Questions 8

When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)

Options:

A. Copy SA-IndexCreation to all indexers.

B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.

C. Extract installer package into etc/apps directory of the cluster deployer node.

D. Extract ITSI app package into etc/apps directory of search head.

Questions 9

Which of the following are characteristics of service templates? (select all that apply)

Options:

A. Service templates can be modified after services are instantiated from them.

B. Service templates contain KPIs and KPI thresholds.

C. Service templates can contain specific or generic entity rules.

D. Service templates contain domain specific dashboards and deep dives.

Questions 10

Which of the following is a good use case regarding defining entities for a service?

Options:

A. Automatically associate entities to services using multiple entity aliases.

B. All of the entities have the same identifying field name.

C. Being able to split a CPU usage KPI by host name.

D. KPI total values are aggregated from multiple different category values in the source events.

Questions 11

Which of the following is part of setting up a new aggregation policy?

Options:

A. Filtering criteria

B. Policy version

C. Review order

D. Module rules

Questions 12

There are two Smart Mode configuration settings that control how fields affect grouping. Which of these is correct?

Options:

A. Text deviation and category deviation.

B. Text similarity and category deviation.

C. Text similarity and category similarity.

D. Text deviation and category similarity.

Questions 13

How should entities be handled during the data audit phase of requirements gathering?

Options:

A. Entity meta-data for info and aliases should be identified and recorded as requirements.

B. Entities should be noted based upon Service KPI requirements such as 'by host' or 'by product line'.

C. Entities must be identified for every Service KPI defined and recorded in requirements.

D. Entities identified should be included in the entity filtering requirements, such as 'by processId' or 'by host'.

Questions 14

Which of the following is an advantage of an adaptive time threshold?

Options:

A. Automatically alerting when KPI value patterns change over time.

B. Automatically adjusting thresholds as normal KPI values change over time.

C. Automatically adjusting to holiday schedules.

D. Automatically predicting future degradation of KPI values over time.

Questions 15

How can Service Now incidents be created automatically when a Multi-KPI alert triggers? (select all that apply)

Options:

A. By creating a custom etc/apps/SA-ITOA/workflow_rules.conf

B. By linking Entities to Service-Now configuration items.

C. By creating a notable event aggregation policy with a SNOW incident action.

D. By editing the associated correlation search and specifying an alert action.

Questions 16

Buttercup Retail sells t‑shirts both online and in stores. The IT Operations team is effectively monitoring the digital infrastructure. However, the executive leadership has expressed frustration in understanding what the related business impacts are of IT incidents.

Which of the following entities would give Buttercup Retail executives the most impactful visibility?

Options:

A. store, product, payment type

B. store, season, customer age

C. host, browser type, software version

D. host, network interface, datacenter

Questions 17

What happens when an anomaly is detected?

Options:

A. A separate correlation search needs to be created in order to see it.

B. An SNMP trap will be sent.

C. An anomaly alert will appear in core Splunk, in index=main.

D. An anomaly alert will appear as a notable event in Episode Review.

Questions 18

Which of the following best describes an ITSI Glass Table?

Options:

A. A view which displays a system topology overlaid with KPI metrics.

B. A view which describes a topology.

C. A dashboard which displays a system topology.

D. A view showing KPI values in a variety of visual styles.

Questions 19

ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?

Options:

A. If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.

B. If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.

C. If this value is set to 0, the scheduler may skip scheduled execution periods.

D. If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.

Questions 20

Which of the following is a recommended best practice for ITSI installation?

Options:

A. ITSI should not be installed on search heads that have Enterprise Security installed.

B. Before installing ITSI, make sure the Common Information Model (CIM) is installed.

C. Install the Machine Learning Toolkit app if anomaly detection must be configured.

D. Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.

Questions 21

Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

Options:

A. Service templates.

B. Service dependencies.

C. Ad-hoc search.

D. Service swapping.

Questions 22

To use Adaptive Thresholding, what is the minimum requirement for a set of KPI data?

Options:

A. 14 days old.

B. 7 days old.

C. 30 days old.

D. 10 days old.

Questions 23

Which of the following is a good use case for creating a custom module?

Options:

A. Modules are required to create entity and service import searches.

B. Modules are required to be able to create custom visualizations for deep dives.

C. Making it easy to migrate KPI base searches and related visualizations to other ITSI installations.

D. Creating a service template to make it easy to automatically create new services during service and entity import.

Questions 24

Which of the following is an advantage of using adaptive time thresholds?

Options:

A. Automatically update thresholds daily to manage dynamic changes to KPI values.

B. Automatically adjust KPI calculation to manage dynamic event data.

C. Automatically adjust aggregation policy grouping to manage escalating severity.

D. Automatically adjust correlation search thresholds to adjust sensitivity over time.

Questions 25

Which is the least permissive role required to modify default deep dives?

Options:

A. itoa_analyst

B. admin

C. power

D. itoa_admin

Questions 26

Which of the following is a best practice when configuring maintenance windows?

Options:

A. Disable any glass tables that reference a KPI that is part of an open maintenance window.

B. Develop a strategy for configuring a service’s notable event generation when the service’s maintenance window is open.

C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.

D. Change the color of services and entities that are part of an open maintenance window in the service analyzer.

Questions 27

Which of the following best describes a default deep dive?

Options:

A. It initially shows the health scores for all services.

B. It initially shows the highest importance KPIs.

C. It initially shows all of the KPIs for a selected service.

D. It initially shows all the entity swim lanes.

Questions 28

Which of the following is a good use case for a Multi-KPI alert?

Options:

A. Alerting when the values of two or more KPIs go into maintenance mode.

B. Alerting when the trend of two or more KPIs indicates service failure is imminent.

C. Alerting when two or more KPIs are deviating from their typical pattern.

D. Alerting when comparing the values of two or more KPIs indicates an unusual condition is occurring.
