IBM Security QRadar SIEM V7.3.2 Fundamental Administration v1.0

Exam contains 63 questions

An administrator needs to combine multiple extraction and calculation-based properties into a single property.
Which Ariel Query Language (AQL) statement can be used?

  • A. AQL-based custom properties
  • B. AQL functions and SELECT, FROM, or database names
  • C. AQL functions and AQL-based custom properties
  • D. AQL functions


Answer : A

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/c_aql_whatsnew_731.html

After fixing the assets that contributed to the asset growth deviation, an administrator needs to find the asset artifacts that have to be cleaned up.
What action should the administrator take to find the artifacts?

  • A. On the "Log Activity" tab, run the "Deviating Asset Growth: Asset Report event search"
  • B. On the Admin Tab, select System Configuration --> Asset Profiler Configuration
  • C. Run the ./cleanAssets.sh --list command
  • D. On the Asset tab, run the "Clean Assets" action


Answer : A

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_assets_deleting_invalid_assets.html

An administrator has been tasked to run all health checks at once using the DrQ command before a major event happens, such as an upgrade.
What does the DrQ command do?

  • A. It runs all available checks in /opt/ibm/si/diagnostiq with the checkup mode and with the summary output mode.
  • B. It shows all the available drives on the QRadar managed host.
  • C. It runs all available checks in /opt/ibm/si/diagnostiq and writes the results in a txt file.
  • D. It checks all the available drives on the QRadar managed host and writes the results on a txt file.


Answer : A

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_drq_running_health_checks.html

An administrator needs to add, delete and modify user accounts.
When deleting a user, what dependency checks are carried out?

  • A. Custom Rules, Historical Correlation Profiles, Security Profiles
  • B. Custom Rules, Report and Search Criteria, Security Roles
  • C. Custom Rules, Security Profiles, Report and Search Criteria
  • D. Custom Rules, Report and Search Criteria, Historical Correlation Profiles


Answer : D

An administrator needs to complete the upgrade process from V7.3.1 to V7.3.2.
What is the correct procedure?

  • A. Copy the ISO file extension to the recommended directories and use this file
  • B. Use the ISO file to execute the upgrade process
  • C. Do a clean installation using the ISO file on a bootable USB device
  • D. Copy the SFS file extension to the recommended directories and use this file


Answer : D

Reference:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_up_ugrad_sys.html

An administrator would like to categorize discovered assets by port definitions and add this information to a server type building block for further use.
Which QRadar Console functionality should the administrator use?

  • A. Assets Tab - Actions - Scan
  • B. Assets Tab - Server Discovery
  • C. Admin Tab - Auto Update
  • D. Admin - Scheduled Scans


Answer : B

Reference:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1/com.ibm.qradar.doc/b_qradar_tuning_guide.pdf

An administrator wants to upload a file with information related to network hierarchy instead of using the GUI wizard.
How can the administrator do this?

  • A. Install application "Network Hierarchy Management for QRadar"
  • B. Upload file using REST API
  • C. Modify /opt/qradar/conf/remotenet.conf
  • D. Use upload button in Network Hierarchy wizard


Answer : A

Reference:
https://www.ibm.com/support/pages/qradar-restoring-network-hierarchy-using-network-hierarchy-management-qradar-app-updated

What should an administrator do to successfully upgrade an IBM Security QRadar system from an older version?

  • A. Verify the upgrade path, and review the software, hardware and high availability requirements.
  • B. Verify the upgrade path and update the QRadar apps.
  • C. Review the release notes and review the architecture.
  • D. Review the software, hardware and high availability requirements, and consider updating the firmware on IBM Security QRadar appliances.


Answer : A

Reference:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/b_qradar_upgrade.pdf
(9)

An administrator has reviewed the list of new features in the QRadar V7.3.2 release notes, and decides to upgrade their system to this version.
What is the minimum supported version that the administrator can upgrade from?

  • A. 7.2.6
  • B. 7.3.0
  • C. 7.3.1
  • D. 7.2.8


Answer : A

Reference:
https://www.ibm.com/support/pages/release-qradar-v732-sfs-73220190201201121

A company has several appliances and the administrator needs to copy a file to all appliances to run some tests to verify the integrity of the processes. The /opt/qradar/support/all_servers.sh script can be used to issue commands to all QRadar appliances within the deployment.
What option must be used with the script to copy the file to all appliances in the deployment?

  • A. /opt/qradar/support/all_servers.sh -p
  • B. /opt/qradar/support/all_servers.sh -k
  • C. /opt/qradar/support/all_servers.sh -C
  • D. /opt/qradar/support/all_servers.sh -g


Answer : A

Reference:
https://www-01.ibm.com/support/docview.wss?uid=swg21998517

An administrator enabled the base license of QRadar Vulnerability Manager.
How many assets can be scanned using this license?

  • A. up to 128
  • B. up to 256
  • C. up to 100
  • D. up to 512


Answer : B

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/c_qvm_deploy.html

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module (DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message appears.
An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem persists, please contact customer support for assistance.
What action should the administrator take to troubleshoot this issue? (Choose two.)

  • A. systemctl restart snmpd
  • B. systemctl restart iptables
  • C. systemctl restart ecs-ep
  • D. systemctl start tomcat
  • E. systemctl restart httpd
  • F. Clear browser cache


Answer : DF

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.0/com.ibm.qradar.doc/t_QRadar_Troubleshooting_guide_PurgeFiles.html

What is the minimum memory in gigabytes (GB) required for a QRadar All-in-One Virtual 3199 appliance?

  • A. 128
  • B. 32
  • C. 24
  • D. 16


Answer : B

Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.qradar.doc/c_qradar_ha_vrt_ap_reqs.html

An administrator needs to develop advanced filters to retrieve information from the QRadar System pertaining to the top abnormal events of the most bandwidth-intensive IP addresses.
How can the administrator do this?

  • A. Build an AQL query using the QRadar Scratchpad
  • B. Combine GROUP BY and ORDER BY clauses in a single query
  • C. Use the IBM DataStudio to create the query
  • D. Build an AQL query using the QRadar GUI using Assets > Search Filter


Answer : B

Reference:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1/com.ibm.qradar.doc/b_qradar_aql.pdf
(21)

An administrator needs to save the nightly QRadar backups on a network storage.
The administrator has established the connection to the network storage.
What should the administrator do next?

  • A. Change the Backup Repository Path to the network storage location using the Backup Recovery Configuration window.
  • B. Change the Backup Repository Path by adding a new Network Activity Rule.
  • C. Change the Backup Repository Path to the network storage location using the System Settings window.
  • D. Configure the new network storage using the Assets Manager


Answer : A

Reference:
http://ftpmirror.your.org/pub/misc/ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf
(146)
