IBM Security QRadar SIEM V7.4.3 Deployment v1.0

Page:    1 / 5   
Exam contains 68 questions

Which additional license is required to use the Am I Affected scan in the IBM Security QRadar Threat Intelligence app?

  • A. IBM Security QRadar Console license
  • B. IBM Security QRadar QVM license
  • C. IBM Watson license
  • D. IBM Advanced Threat Protection Feed license


Answer : C

Which statement about the Extensions Management tool in QRadar is true?

  • A. The Extensions Management tool can be used to add a log source.
  • B. The Extensions Management tool cannot be used to export content out of QRadar.
  • C. QRadar can be updated by using the Extensions Management tool.
  • D. CSV extensions can be imported into QRadar.


Answer : D

A company plans to collect event data from two remote sites that have slow WAN links. These remote sites do not generate many events per second. The company’s deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations.
What type of appliance can be used to meet this requirement?

  • A. Packet Capture appliance
  • B. Data Gateway
  • C. Flow Collector
  • D. Disconnected Log Collector


Answer : C

Which QRadar log file contains information about the rates of EPS?

  • A. /var/log/eps.log
  • B. /var/qradar.log
  • C. /var/log/qradar.log
  • D. /var/log/qradar.old


Answer : C

Which of these views is provided by the DSM Editor?

  • A. Event Mappings tab, Flow tab, Protocols
  • B. Workspace, Event Mappings tab, Configuration tab
  • C. Dashboard, Event properties, Configuration tab
  • D. Workspace, Flow tab, Event properties


Answer : A

Which statement about IBM-validated QRadar content extensions is true?

  • A. They are only downloaded from IBM approved third-party portals.
  • B. They can be downloaded from IBM X-Force Fix Central.
  • C. They are restricted by the type of QRadar license that is acquired.
  • D. They are hosted on the IBM X-Force Exchange portal.


Answer : B

A QRadar deployment professional needs to add a managed host to help reduce the load on the QRadar Console.
The managed host should have local storage and also use the QRadar Custom Rule Engine.
Which managed host does the deployment professional add?

  • A. Event Collector
  • B. App Host
  • C. Disconnected Log Collector
  • D. Event Processor


Answer : D

The /store for a QRadar HA setup was migrated to a Fibre Channel device. High Availability is not needed on this cluster, and it needs to be disconnected.
What changes are required before disconnecting the HA cluster in this scenario?

  • A. Edit the /etc/fstab on only the primary HA host to remove the noauto option from /store and /storetmp.
  • B. Edit the /etc/fstab on only the secondary HA host to remove the noauto option from /store and /storetmp.
  • C. Edit the /etc/fstab on the primary HA host and secondary HA host to remove the noauto option from /store and /storetmp.
  • D. No changes are required before disconnecting the HA cluster.


Answer : C

A deployment professional is about to add a secondary appliance to a QRadar high availability deployment. It is confirmed that both the primary and the secondary appliances are on the same QRadar version. However, the hardware configuration of both appliances is different.
What must be confirmed before adding the secondary appliance to the high availability deployment?

  • A. The combined size of the /store and /transient partitions on the primary host must be larger than the /store partition on the secondary host.
  • B. The secondary host must use a different management interface than the primary HA host.
  • C. The primary host must contain more physical interfaces than the secondary.
  • D. The combined size of the /store and /transient partitions on the secondary host must be equal to or larger than the /store partition on the primary host.


Answer : D

Which of these items is updated when vulnerability scan results from third-party vulnerability scanners are imported into QRadar?

  • A. Assets
  • B. Flow sources
  • C. Event sources
  • D. Vulnerability scanner sources


Answer : C

Consider this scenario and instruction.
Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the “and when the source IP is one of the following” test to include the IP addresses of the following scanners:

VA Scanners -
Authorized Scanners -

What type of editable building block is described?

  • A. BB:HostDefinition: Authorized ScannersSource IP
  • B. BB:HostDefinition: VA Scanner Source IP
  • C. BB:NetworkDefinition: Server Networks
  • D. BB:HostDefinition: Proxy Servers


Answer : C

Which app can be used in QRadar to visualize offenses, network data, threats, and malicious behavior, and to provide insights and analysis about a network?

  • A. Threat Intelligence
  • B. Use Case Manager
  • C. Pulse
  • D. Vulnerability Insights


Answer : B

DRAG DROP -
What is the correct order of these steps to get the X-Force API Access Key and Password?


Answer : 5,1,3,2,6,4

A QRadar deployment professional needs to transfer the configuration of a distributed environment (one Console and one EP, not using HA) onto an All-in-One (AIO) system to run some forensics against data that will be added later.
What approach should the deployment professional suggest for building the new AIO?

  • A. Use rsync to transfer the contents of the /store partition to the new system.
  • B. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI.
  • C. Because the destination environment does not have the same number of appliances, the only option is to use the content management tool (CMT) to transfer the security configuration.
  • D. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed only by use of back-end PSQL commands.


Answer : D

Where does QRadar display R2R events?

  • A. The Network Activity tab
  • B. The Remote Services window
  • C. The Tuning interface in the Use Case Manager app
  • D. The Testing interface in the Log Source Manager app


Answer : C
