IBM Security Qradar SIEM Implementation v 7.2.1 v8.0

Page:    1 / 12   
Exam contains 183 questions
Expand All

Which two formats can reports be generated in? (Choose two.)

  • A. JPEG image (JPG)
  • B. Comma Separated Values (CSV)
  • C. Microsoft Word Document (DOC)
  • D. Hypertext Markup Language (HTML)
  • E. Adobe Portable Document Format (PDF)


Answer : D,E

What options on the Reports tab allows you to import logos and specific images for use on reports?

  • A. Design
  • B. Images
  • C. Branding
  • D. Customization


Answer : C

Explanation:
References:

Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)

  • A. One log source must have one DSM.
  • B. One DSM must have many log sources.
  • C. One log source must have many DSMs.
  • D. One DSM can have only one log source.
  • E. One DSM can be used in many log sources.


Answer : C,E

Which operating system is supported for creating a bootable flash drive for recovery?

  • A. Cisco IOS
  • B. Sun Solaris
  • C. Debian Linux
  • D. MS Windows Vista


Answer : C

Which two options are available for Override parameter when an administrator views the

Asset Profile -
Summary page? (Choose two.)

  • A. Forever
  • B. Until Next Scan
  • C. After Next Scan
  • D. Before Next Scan
  • E. After Specified Time


Answer : AB

Explanation:
References:

From the given event payload format:
You are tasked with creating a Reference Set of the second IPs in the payload.
What needs to be done to complete this task?

  • A. Create a Custom Event Property to parse the second IP in the payload. From the Log Source config for theabove event, choose "add to reference set" and select your reference set.
  • B. From the Reference Set Management screen, select "create reference set from Log Source Event". Pickthe Log Source from the drop down. Pick the Event Name from the drop down.
  • C. From the Reference Set Management screen, select "create reference set from Log Source Event". Pickthe Log Source from the drop down. Pick the Custom Event Property from the drop down.
  • D. Create a Custom Event Property to parse the second IP in the payload. Create a rule that tests for eventsfrom the Log Source that is collecting the above event, and for Rule Response add the Custom Event Property to the Reference Set.


Answer : A

What does the message in the System Notification Widget on the Dashboard "Disk Sentry:
Disk Usage exceeded max threshold" tell you?

  • A. One of your Files Systems has exceeded 92%.
  • B. One of your Files Systems has exceeded 95%.
  • C. One of your Files Systems has exceeded 98%
  • D. One of your Files Systems has exceeded 90%.


Answer : B

Explanation:
Section: (none)

Explanation -
This message is displayed when disk usage reaches 95% on any of the monitored partitions. QRadar SIEM data collection (ecs) and search processes (ariel) are shut down in order to protect the file system from reaching 100%
References:

A customer has a requirement to integrate with QRadar to capture events coming from IBM
DB2.
Which protocol should an administrator use to integrate Log Enhanced Event format
(LEEF) events while configuring Log Sources on QRadar console?

  • A. JDBC
  • B. SNMP
  • C. Syslog
  • D. Log File


Answer : C

You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system.
What will allow you to do this process?
Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing
Options, select the Forward destination that matches destination you created. Then select the 'Forward* and 'Drop* options. Save and deploy.

  • A. Add a Routing Rule that under Current Filters "Matches All Incoming Events", under Routing Options, add aForwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.
  • B. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add aForwarding destination for 172.16.77.133 with the "Normalized Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.
  • C. Add a forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that,under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.
  • D. Add a forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a


Answer : A

Which two IP Addresses are required to setup NATed environment? (Choose two.)

  • A. Public IP Address
  • B. Private IP Address
  • C. Remote IP Address
  • D. Secondary IP Address
  • E. Destination IP Address


Answer : D,E

Which two proxy options are required to be set when using a Proxy Server for Auto
Updates in QRadar?
(Choose two.)

  • A. Proxy Type
  • B. Proxy Name
  • C. Proxy Schedule
  • D. Proxy Server URL E. Proxy Port number


Answer : BD

Which two ways does QRadar Vulnerability Manager (QVM) provide examine vulnerability data? (Choose two.)

  • A. VA Scanner
  • B. Scan Results
  • C. Custom Event Rules
  • D. Manage Vulnerabilities
  • E. Audit Logs and Audit Events


Answer : BC

Explanation:
Section: (none)

Explanation -

What is the result when adding host definition building blocks to QRadar?

  • A. Creates Offenses
  • B. Reduces false positives
  • C. Makes searches run faster
  • D. Authorizes QRadar Services


Answer : B

Which two fields are required to be filled out when adding a new network to the network hierarchy? (Choose two.)

  • A. Weight
  • B. IP and CIDR
  • C. Capture Filter
  • D. Flow Source Interface
  • E. Flow Retention Length


Answer : A,D

Which two authentication methods for the QRadar User Interface are valid? (Choose two.)

  • A. SecureID
  • B. Digital Signatures
  • C. Password Authentication Protocol (PAP)
  • D. Remote Authentication Dial In User Service (RADIUS)
  • E. Terminal Access Controller Access-Control System (TACACS)


Answer : D,E

Page:    1 / 12   
Exam contains 183 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy