Splunk SOAR Certified Automation Developer — Question 14

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

Answer options

• A. Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.
• B. Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.
• C. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.
• D. Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

Correct answer: A, C

Explanation

Option A is correct because access control is critical for ensuring that the right teams have the necessary permissions before the service is created. Option C is also correct as it accurately describes the storage of services and events within the ITSI framework. Options B and D, while relevant to service design, do not directly relate to the considerations needed prior to creating an ITSI Service.