Splunk SOAR Certified Automation Developer — Question 26

Which of the following describes a realistic troubleshooting workflow in ITSI?

Answer options

• A. Correlation Search –> Deep Dive –> Notable Event
• B. Service Analyzer –> Notable Event Review –> Deep Dive
• C. Service Analyzer –> Aggregation Policy –> Deep Dive
• D. Correlation search –> KPI –> Aggregation Policy

Correct answer: B

Explanation

The correct answer is B because it follows a logical sequence where the Service Analyzer is used to assess the situation, leading to a review of notable events before performing a deep dive analysis. The other options do not represent an effective workflow as they either skip critical steps or do not properly sequence the troubleshooting process.