New York - 38

Estudar on-line em https://quizlet.com/_bckxme

"Given an anomaly threshold range of

1.719975 to 28.280025' which of the fol-
lowing raw data points are likely to gen-
erate anomalies?
Chose 4 answers"
A) 31.719975 a'c'e'f
B) 28.280025
C)29.000000
D) 1.719975
E) 55.517355
F) 28.290025"
When an event is bound to a server and
the cause of the alert is an application'
what is used to correctly bind the event
to the application?
CI identification rules
A) CI identification rules
B) Classifiers
C) Workflows
D) Correlation rules
If more than one alert management rule
applies to a particular alert' which of the
rules will run based upon the Order of ex-
ecution field? "A) All alert management
rule will run' from the lowest to the high-
est Order of execution numbers
B) Only the alert management rule with
the lowest Order of execution number a
will run
C) All alert management rule will run'
from the highest to the lowest Order of
execution numbers
D) Only the alert management rule with
the highest Order of execution number
will run"

The default polling time to collect events

from an event source is: "A) 5 seconds 120 seonds
B) 30 seconds
1 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
C) 60 seconds
D) 120 seconds
When performing CI Binding' which table
is queried to match the Node?
A) cmdb_ci_server
cmdb_ci_hardware
B) cmdb_ci
C) cmdb_ci_application
D) cmdb_ci_hardware"
Which of the following applications must
be enabled on the MID Server in order
to allow Operational Intelligence to build
statistical models based on metric data?
A) Discovery Service Analytics
B) EventManagement
C) ServiceMapping
D) ServiceAnalytics
E) Orchestration"
ServiceNow prospect is searching for an
agentless enterprise performance mon-
itoring tool. Should you propose Servi-
ceNow Event Management? "A) No' Ser-
viceNow Event Management receives
and processes events from existing mon-
a
itoring tools' however it does not mea-
sure performance of IT resources or ap-
plications
B) Yes' ServiceNow Event Management
does not require agents to be installed
on monitored nodes"
The Event _______________ identifies
the event and determines if an associat-
ed alert is created or updated.
A) SysId Message Key
B) Name
C) Description
D) Message Key

2 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
Which step in the event rule configu-
ration process enables you to ignore
events and prevent alert generation?
A) Event filter Event filter
B) Event options
C) Threshold
D) Transform and compose alert output
"What is the function of the External
Communication Channel (ECC) Queue?
Choose 3 answers"
A) It contains records of CIs that the Ser-
viceNow admin has submitted for entry
into the CMDB"
B) It is a connection point between a
hardware CI on a customer's network c'd'e
and the MID Server
C It saves jobs that the MID Server
needs to perform
D) It is a connection point between a Ser-
viceNow instance and the MID Server
E) It contains probe records to be execut-
ed on the customer's network
What role is required to create an Appli-
cation Service or a Technical Service?
A)evt_mgmt_integration
evt_mgmt_admin
B) evt_mgmt_user
C) evt_mgmt_operator
D) evt_mgmt_admin
"When setting up a monitoring connec-
tion definition PULL' the MID Server
must be validated and have Line of Sight
(LoS) to the monitoring system. This con-
figuration requires what?
b'c'd'f
Choose 4 answers"
A) Access credentials to the MID Server
system
B) Access credentials to the monitoring
system
3 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
C) Polling interval for scheduling access
to the target system
D) Internal IP address and port for com-
munication with the target system
E)Internal IP address and port for com-
munication with the MID Server system"
F) An active and validated MID Server
What attribute is used to consolidate
events into a single alert?
A) Event Rules
Message Key
B) Message Key
C) Alert Priority
D) Severity"
Where would you look to find and trou-
bleshoot transactions and events that
are occur on your ServiceNow instance?
A) System Log module System Log module
B) em_event table
C) State Management Logs module
D) Event Management Dashboard
If the Message Key is not populated'
the default value is created from which
fields? "A) Source' type' node' and metric
name
B) Source' source instance' node' and
type Source' type' node' resource' and metric
C) Source' type' node' resource' and name
metric name
D) Source' type' node' resource' and time
of event
E) Source' source instance' node' and
resource

How is data from source event systems

mapped from the event table into the
alert table? Event field mapping
A) Alert management rules
B) Business rules
4 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
C) Event field mapping
D) Transform maps
What is the preferred method of pars-
ing in the Transform/Compose step of an
event rule?
A) Python Regex
B) JavaScript
C) sed/awk
D) Regex
"Event Management provides baseline
connectors to receive events for pro-
cessing from which monitoring tools?
Choose 4 answers"
A) Microsoft System Center Operations
Manager
a'e'f'g
B) Polycenter Console Manager
C) Unicenter TNG
D) HP OpenVMS Manager
E) HP Operations Manager
F) SolarWinds
G) IBM Netcool
The Event Management Dashboard can
display all of the following except for
which?
A) Discovered Business Servicess
Correlation Groups
B) Application Services
C) Alert Groups
D) Technical Services
E) Correlation Groups

What is the script called that allows you

to populate incident fields from an alert?
A) EvtMgmtCustom_PostTransformHan-
dler script include EvtMgmtCustomIncidentPopulator script
B) EvtMgmtRemoteIncidentAdapter include
script include
C) MgmtCustomIncidentPopulator script
include
5 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
D) Event Management - Connector busi-
ness ruleEvt
By default' events are deleted after how
long?
A) 30 days
7 days
B) 14 days
C) 7 days
D) 1 year
Applying recommended Event Manage-
ment best practice guidelines' which of
the following alerts should be processed
first?
Alert0010003
A) Alert0010075
B) Alert0010042
C) Alert0010003
D) Alert0010074"
What does the Asynchronous Messag-
ing Bus (AMB) channel do on the MID
Server?
A) Opens an inbound connection to the
MID Server
B) Sends heartbeat information to the Continually queries the External Com-
ServiceNow instance to ensure MID is munication Channel (ECC) queue via a
communicating persistent query
C) Allows Web Server transactions to be
passed to ServiceNow
D) Continually queries the External
Communication Channel (ECC) queue
via a persistent query
How would you ensure the quality of data
in your Configuration Management Data-
base (CMDB) over time?
A) Only use the ServiceNow Discovery
application to populate your CMDB d
B) Using only scripts to automatically
monitor for and remediate duplicate con-
figuration items (Cis)
C) Manually inventorying configuration
6 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
items in the CMDB and eliminating du-
plicate configuration items (CIs)
D) Having well-defined Identification'
Reconciliation' and Relationship rules
Which is the best option to reduce laten-
cy issues when receiving events? "A) Set
event_processor_job_count = 0
B) Set bucket field on em_event table >
Set bucket field on em_event table > 0
0"
C) Set event_processor_enable_mul-
ti_node = 2
D) Set event_processor_job_count = 2
Operational intelligence displays the fol-
lowing Anomaly Map for your system.
Given the map' which of the following
is a true statement for the state of your
system? "A) During the last 6 hours' your
customized list of Cis on the left has
generated all the metric data displayed
in the map
B) During the last 6 hours' the 8 Cis listed
b
on the left are among the top 10 most
anomalous Cis in your system
C) During the last 6 hours' only the 8 CIs
listed on the left have generated anom-
alies in your system
D) During the last 6 hours' the 8 CIs
that form the datacenter077 Application
Service have generated only the critical
anomalies displayed in the map"
During CI binding' CI matching is done
using which two fields?
A) Node
Node, Additional information
B) Message Key
C) Additional information
D) Source
"What three areas of data quality does
the CMDB Health Dashboard focus on?
7 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
Choose 3 answers"
A) Conformity
B) Completeness
C) Correctness b'c'f
D) Conciseness
E) Configuration
F) Compliance"
Operational Intelligence is logging an
anomaly alert' but it is not being auto-
matically updated to an IT alert in Event
Management. What should you validate
first?
Anomaly alert promotion rules
A) Anomaly alert promotion rules
B) Event rules
C) Alert management rules
D) Metric config rules
E) Alert correlation rules
Within a PowerShell script' what
URL would you use to log events
directly to the ServiceNow event
table? "A) https://[Your_ServiceNow_in-
stance_URL]/api/table/em_event
B)
https://[Your_ServiceNow_in- https://[Your_ServiceNow_in-
stance_URL]/rest_api/now/my_ta- stance_URL]/api/now/table/em_event
bles/em_event
C) https://[Your_ServiceNow_in-
stance_URL]/api/now/table/em_event
D)
https://[Your_ServiceNow_in-
stance_URL]/rest_api/now/table/em_event"
What three pieces are required to create
a customized pull connector to retrieve
events on behalf of an event source?
Choose 3 answsers. a'd'e
A) JavaScript
B) Listener transform script
C) Web service API
8 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
D) Connector definition
E) Connector instance
F) cURL command-line tool
You have the following alert promo-
tion rule defined in your ServiceNow in-
stance. Two anomalies' anomaly A and
anomaly B (below)' occur in your system'
but only anomaly B is promoted into an
IT alert and logged on the alert con-
sole. What is the most likely cause of
this behaviour? "a) The metric_value of
anomaly B was 100.00 which triggered
the promotion into an IT alert. b
b) The anomaly_score of anomaly A was
not high enough to trigger the promotion
into an IT alert
c) The metric_upper_bound of anomaly
A was too high to trigger the promotion
into an IT alert.
d) The metric_value of anomaly A was
not high enough to trigger the promotion
into an IT alert."
What would you use to define the mon-
itoring sources allowed to communicate
with the ServiceNow instance for Opera-
tional Intelligence?
Metric Registration
A) Metric to Cl
B) Metric Config Rules
C) Metric Type Actions
D) Metric Registration
Which attribute is responsible for de-du-
plication?
A) Short_description
Message_key
B) Additional info
C) Metric name
D) Message_key
What two key steps must be performed
after creating a new connector instance?
9 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
Choose 2 answers

a) Test the connector

b) Activate the connector a'b
c) Debug the connector
d) Enter credentials for the connector
e) Assign a MID Server to the connector
Which are recommended best practices
for Event Management? Choose 3 an-
swers
A) Base-line ""normal-state"" events to
filter out background noise
B) Filter out events on ServiceNow In-
stance a'd'e
C) Promote all events to alerts during
initial implementation.
D) Filter out events at source
E) Ignore all non-critical events during
initial implementation. Add alerts over
time"
What is the best way to enable logging
to monitor and resolve issues for CMDB
Health? "a) Javascript: debug(warning)
b) Javascript: log(warning)
c) change sys_property called
d) change sys_property called d
glide.cmdb.logger.use_syslog.CMDB-
Healthglide.cmdb.log.syslog.CMDB-
Health
e) CMDB Health module has enabled
logging by default"
What is NOT a good way to access Alert
Intelligence?
a) In the navigation panel' navigate to
Event Management > Alert Intelligence c
b) In a browser' add /workspace to the
instance URL and press Enter.
c) Through Event Management
10 / 11
 New York - 38
Estudar on-line em https://quizlet.com/_bckxme
d) Open an alert in the Event Manage-
ment Dashboard
e) From the right-click menu of an alert
from the Event Management Dashboard

11 / 11