IBM C1000-156 IBM Security QRadar SIEM V7.5 Administration Exam Practice Test

Demo: 18 questions
Total 62 questions

IBM Security QRadar SIEM V7.5 Administration Questions and Answers

Question 1

Which is the default port for the first NetFlow flow source that is configured in QRadar?

Options:

A. 8413
B. 21
C. 2055
D. 514

Question 2

What two things are required for an administrator to deobfuscate data in QRadar?

Options:

A. Public key and the password for the key that is used to obfuscate data
B. Private key and the password for the key that is used to obfuscate data
C. Private key and public key that is used to obfuscate data
D. Public key and the password for the private key that is used to obfuscate data

Question 3

You want to use a quick filter search to look for certain elements:

• 10.100.100.*
• BlueCoat
• TCP_REFRESH_MIS

Which string provides the correct results?

Options:

A. (10.100.100.- Bluecoat TCP_REFRESH_MIS)
B. 10.100.100.*%Bluecoat%TCP_REFRESH_MIS
C. "10.100.100.*%AND%Bluecoat%AND%TCP_REFRESH_MIS"
D. (10.100.100/ AND Bluecoat AND TCP_REFRESH_MIS)

Question 4

An administrator opens the Offenses section and goes to Rules to edit the system notification rule. What is the rule name for system notifications?

Options:

A. System: Notification
B. System: Hardware and Software monitoring
C. System: Software Notifications
D. System: Hardware Notifications

Question 5

Which is a benefit of a lazy search?

Options:

A. Getting results that are limited to a specific range
B. Providing every result no matter the quantity of the search results
C. Finding IOCs quickly
D. Searching across domains for any configured user

Question 6

Which command can a QRadar administrator use to connect to the QRadar app container?

Options:

A. yum info
B. recon connect
C. recon ps
D. app connect

Question 7

You are using the command line interface (CLI) and need to fix a storage issue. What command do you use to verify disk usage levels?

Options:

A. df -h
B. ls -laF
C. lsof -h
D. du -h

Question 8

An administrator is reviewing the system notifications and discovers this error:

Insufficient disk space to complete data export request.

The Export Directory property in the System Settings has the default configuration.

Which disk partition does the administrator need to check?

Options:

A. /store/ariel/events/exports
B. /var/log/exports
C. /storetmp/exports
D. /store/exports

Question 9

On which managed hosts is QRadar event data stored in the Ariel database?

Options:

A. On the Event Collector and attached Data Node
B. On the Data Gateway and attached Data Node
C. On the Event Processor and attached Data Node
D. On the App Host and attached Data Node

Question 10

A QRadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period. Which method can be used to accomplish this goal?

Options:

A. Using a special rule test that limits the number of rule triggers
B. Using the "response limiter"
C. Tuning the rule conditions to make it trigger fewer times
D. Using the "execute custom action" rule response

Question 11

Which command does an administrator run in QRadar to get a list of installed applications and their App-ID values output to the screen?

Options:

A. opt/qradar/support/deployment_info.sh
B. /opt/qradar/support/recon ps
C. /opt/qradar/support/recon connect 1005
D. /opt/qradar/support/threadTop.sh

Question 12

Which is a valid statement about the process of restoring a backup archive?

Options:

A. A configuration restore must be performed on a console where the IP address matches the IP address of a managed host in the backup.
B. A backup archive can only be restored for the same software version, including fix pack versions.
C. When restoring all configuration items included in the backup archive, only configuration information, offense data, and asset data are restored.
D. A restoration might fail if you restore the configuration backup before the data backup.

Question 13

To detect outliers, which Anomaly Detection Engine rule tests events or flows for volume changes that occur in regular patterns?

Options:

A. Behavioral rules
B. Threshold rules
C. Anomaly rules
D. Building block rules

Question 14

Which profile database does the Server Discovery function use to discover several types of servers on a network?

Options:

A. Flow profile database
B. Network profile database
C. Domain profile database
D. Asset profile database

Question 15

When restoring backups of your apps in a QRadar environment, what information is restored?

Options:

A. The last known good version of your apps configuration, your application data, and any apps that were configured on an App Host are restored.
B. The applications that are installed on the Console are restored, and any applications that are installed on an AppHost must be backed up separately.
C. The apps configuration, the console configuration, and app data are restored.
D. The apps configuration and app data are restored.

Question 16

In the QRadar GUI, you notice that no new offenses were generated today. A review of the notifications shows:

MPC: Unable to create new offense. The maximum number of active offenses has been reached.

What is the default value of the maximum number?

Options:

A. 3500
B. 1500
C. 5000
D. 2500

Question 17

Before configuring a WinCollect log source, which two ports does a QRadar administrator ensure are open?

Options:

A. 514 and 8413
B. 445 and 8413
C. 443 and 8413
D. 8080 and 8413

Question 18

Which command in QRadar allows you to run a specific command inside of a specific container, when given an app ID, or a combination of workload, service, and container?

Options:

A. ifconfig -a
B. recon ps
C. recon connect
D. yum info