Event Management



The ServiceNow Event Management helps you to identify health issues across the data-center on a single management console. It provides alert aggregation and root cause analysis (RCA) for discovered services, application services, and automated alert groups. Event Management is available as a separate subscription from the rest of the ServiceNow platform.


Prerequisites

 Certified ServiceNow System Administrator 

 Certified ServiceNow Application Developer
Certified ServiceNow Implementation Specialist - ITSM


Exam Questions : 



1.      View provided by Event Management Dashboard –
a.       Business-service centric view of all alerts.
2.      Dependency View  also called
a.       logical model
3.      Parent table for the technical service, application service, and discovered service tables
a.       Automated Business Services (cmdb_ci_service_auto)
4.      Additional actions menu also called
a.       hamburger menu
5.      Which feature used by MID Servers to continually query for probes to run due
a.       “long polling.”
6.      Name of the property used to set the number of seconds between event collections to apply to all event connectors; by default, 120 seconds (two minutes).
a.       evt_mgmt.connector.minimum_schedule
7.      How many baseline events rules are there for Zabbix?
a.       32
8.      What is the default behavior for incidents upon re-opening an alert?
9.      What script language is the baseline SCOM connector written in?
a.       JavaScript and Groovy
10.  Operational Intelligence requires a separate subscription activated
a.       com.snc.sa.metric.
11.  Note that by default, events are cleared out of the em_event table on a weekly basis.
12.  Example of an auto-populated Message Key:  <Source><Node><Type><Resource>
13.  The baseline Severity values are:
a.       Critical = 1, Major = 2, Minor = 3, Warning = 4, Info = 5, and Clear = 0.
14.  The script that allows you to populate incident fields from an alert is
a.       "EvtMgmtCustomIncidentPopulator"
15.  The format for the URL for REST requests sent to the MID Server for Operational Intelligence.
a.       http[https]://mid1.servicenow.com/api/mid/sa/metrics
16.  The upper and lower bounds are statistics based on probability. Both statistics shown on the Insights Explorer predict future activity based on an algorithm derived from the Chow-Liu tree probability methodology.
17.  Question on Below Event Management Roles and what they does.
a.       evt_mgmt_user(As with the Alert Console, the minimum role needed to view alerts is evt_mgmt_user.) 
b.      evt_mgmt_operator (In addition to the evt_mgmt_user permissions, can also activate operations on alerts such as acknowledge, close, open incident, run remediations.)
18.  Which Helps  to create Remediation task or Incident
a.       Task Rule E
b.      vent Rule -- Correct Answer
c.       Event Management Rule 
d.      Alert Corelation Rule
19.  Promote Anomaly alert to Real Alert  Questions
a.       On the instance, OI uses event rules to create anomaly alerts based on the anomaly events (similar to Event Management).
b.      You can use OI to open actionable alerts within Event Management processes by promoting anomaly alerts to IT alerts.
c.       The higher the anomaly score, the more confident the machine learning of Operational Intelligence is that an anomaly will happen.
d.      If the score is high enough then an anomaly alert is created.
e.       The first anomaly detected for a metric and CI pair generates an event with the mapped severity which, in turn, generates ananomaly alert (not an actual Event Management alert).
f.        Each CI and metric pair generates an anomaly alert.
g.      You can use an Alert promotion rule to automatically create actual alerts from anomaly alerts
20.  Promotion Type to promote to Anamoly alert
a.       Metric name – The metric itself, associated to any CI
b.      CI type – The CI Class, every anomaly alert for the CI Class will be promoted
c.       Configuration Item – Promote a specific CI
d.      Promotion parameter – Use regex to parse through the Additional information on an anomaly alert for promotion When metric raw data is received outside of these upper or lower bounds then an anomaly is recorded.
21.  Color question in Insight Explorer
a.       Notice the color of the dot next to the CI icon at the left. A red (critical) or orange (major) dot means a much higher anomaly score is associated with the CI, so a higher probability of anomaly exists. A green dot means the CI has a low anomaly score, signifying a small probability of an anomaly at the current time. A gray dot signifies no anomaly score has been calculated for the CI, but the CI has associated metric data.
22.  Metric to CI mapping
a.       Field Mapping use Additional_info field to map field to ServiceNow
23.  Primary User of JavaScript to create Own Connector defination to pull data from Event source
24.  Why raw data of OI is not getting passed through MID Server
a.       API key is missing or not correct in header
25.  Alert priority score is a composite of?
a.       The value of the category and its relative weight.
26.  What are Alert State : 
a.       Open, Reopen, Flapping, or Closed
27.  If the event severity is blank during processing, what will the state of Event
a.       ‘Error’.
28.  Best Practice of Event Management:
a.       Consider filtering out events at source
b.      Consider base-lining your events that represent a “normal state” to indicate standard background ‘noise’
c.       On first implementation, ignore most non-critical events
d.      Consider the key events that enable an approach of prevention rather than cure
e.       Adopt a monitoring strategy of “prevention is better than cure”
29.  What Alert console displays?

a.         By default, displays all primary, open alerts with a severity of Critical, Major, Minor, and Warning and alert not in Maintenance mode


1.      In Operational Intelligence, what module allows for automatic Alert creation from an Anomaly Alert?
a.       Alert Management Rules
b.      Event Rules
c.       Task Rules
d.      Alert Promotion Rules Answer: D
2.      In Event Management, what module allows for automatic task creation? G. Alert Management Rules
a.       Event Rules            Answer: A
b.      Task Rules
c.       Correlation Rules
3.      What methods can be used to populate the Configuration Management Database (CMDB)?
a.       Manually via Import Sets
b.      Automatically via ServiceNow Discovery application
c.       Manually by a Groovy script
d.      Automatically via ServiceNow Orchestration application
e.       Manually by importing a .csv or .txt file
Answers: A, B
4.      Which customer challenges/questions does Event Management help resolve?
a.       What devices are we using?
b.      Did we deprecate assets we do not own?
c.       What is the current state of our IT infrastructure?
d.      How do we know what servers and applications provide services?
e.       How can I automate and prioritize remediation tasks and notifications?

f.        How can we consolidate our monitoring tools into a single management system? Answers: C, E, F

No comments:

Post a comment