New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

IBM C1000-055 IBM QRadar SIEM V7.3.2 Deployment Exam Practice Test

Demo: 9 questions
Total 60 questions

IBM QRadar SIEM V7.3.2 Deployment Questions and Answers

Question 1

A deployment professional needs to configure the IBM QRadar systems so that data is forwarded to one or more vendor systems, such as ticketing or alerting systems.

Which event format options can the deployment professional use for forwarding destination configuration?

Options:

A.

payioad, normalized and json

B.

leef, json and cef

C.

normalized, json and cef

D.

json, cef and payload

Question 2

A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.

What can the deployment professional do to comply with local data laws?

Options:

A.

Install Event and Flow Collectors in the European data center.

B.

Install Event and Flow Processors in the European data center.

C.

Install Event and Flow Processors in the United States data center.

D.

Install Data Nodes in the European data center.

Question 3

A deployment professional has been asked to ensure the system can be integrated with another system which contains lists of IP addresses and CIDR ranges in an automated manner, to allow rules to target specific communication endpoints.

Which part of QRadar is designed to hold and manage this data?

Options:

A.

Domain Definition

B.

Network Hierarchy

C.

Asset Profiles

D.

Building Blocks

Question 4

A deployment professional needs to find out which rules are generating most of the offenses. What should the deployment professional do? (Choose two)

Options:

A.

Use search where Log source is Custom Rule Engine-8 :: and choose Grouping by Event Name

B.

Offenses -> Rules -> Sort by Offense Count

C.

Offenses -> By Category

D.

Use search where Log source is Health Metrics-2 :: and choose Grouping by Event Name

E.

Generate Report "System Summary"

Question 5

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

Options:

A.

Use the DSM editor to ensure that the Identity Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor enable identity data for the login success event type.

B.

Use the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

C.

Use the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category "User login success".

D.

Use the DSM editor to create an expression for the Identity Username property and make sure it

parses correctly. It is automatically applied to all events with low level category "User login success".

Question 6

A deployment professional has been asked to create some Reference Data to be used to provide additional information in the results of Ariel Query Language (AQL) queries. The data will enable a lookup that finds the users's Department based on the username which will be returned by the required AQL function when looked up in the reference data.

Which Reference Data should the deployment professional create for this purpose?

Options:

A.

Reference Map

B.

Reference Map of Tables

C.

Reference Set

D.

Reference Map of Sets

Question 7

A deployment professional is about to execute Server Discovery to populate the Host Definition Building Blocks. The deployment professional is working in a monitored environment and does not wish to set off any network scanner alarms.

What step should the deployment professional take to ensure that good results are returned and that no alarms are raised?

Options:

A.

Warn the network monitoring team that QRadar is about to run a network port scan

B.

Set the 'Passive discovery' flag in Advanced System Settings in the Admin tab

C.

Ensure that events from the relevant servers are being collected successfully

D.

Ensure that the flow sources are configured correctly and collecting data

Question 8

During an initial deployment, three retention buckets (longret, midret. testret) were configured with the following characteristics, being (X) the number of the bucket:

longret (1): keep data in this bucket for 2 years. Delete when storage is needed.

midret (2): keep data in this bucket for 6 months. Delete when storage is needed.

testret (3): keep data in this bucket for 3 days. Delete immediately after expiration.

Default (0) retention bucket has a 3 months / delete immediately policy.

During testing last week, a significant amount of test data has been mistakenly categorized as "longret". This bucket does not contain any other important information. Everything else, including some important data, has been saved into the default bucket.

How can the deployment professional remove all data stored in the "longret" bucket?

Options:

A.

Manually delete old data from last week by issuing a rm * on /store/ariel/events/payloads/ and /store/ariel/events/records/ and select the directories containing events from the last week

B.

Change the longret bucket period to 10 days and deploy the changes.

C.

Change the system's time to 2 years in the future and wait until deletion has been made and then go back to the real system's time.

D.

Manually delete the files ending by -1 from /store/ariel/events/payloads/ and /store/ariel/events/records/

Question 9

A deployment professional needs to install a new QRadar application downloaded from the IBM Security App Exchange.

Which option would the deployment professional select from the QRadar Console GUI under Admin: System Configuration to install the downloaded application?

Options:

A.

Customization Management.

B.

Application Management.

C.

Extensions Management.

D.

Content Management.

Demo: 9 questions
Total 60 questions