
IBM C1000-055 IBM QRadar SIEM V7.3.2 Deployment Exam Practice Test

Demo: 9 questions
Total 60 questions

IBM QRadar SIEM V7.3.2 Deployment Questions and Answers

Question 1

A company has a large network with multiple segments. The manufacturing area network and the research and development (R&D) area network are separated from the product area network, and the customer does not want to run scanners through firewalls. A deployment professional has been tasked with proposing a strategy to ensure vulnerability assessment operations cover all company assets.

In addition to a scanner in the production area network, which option should the deployment professional follow?

Options:

A. Deploy a hosted IBM scanner appliance in the manufacturing area network and in the R&D area network.

B. Deploy a vulnerability manager on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

C. Deploy a vulnerability scanner on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

D. Deploy a vulnerability processor on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

Question 2

A deployment professional needs to clear out the Asset Database in IBM QRadar. Which service on the Console is restarted when the script cleanAssetModel.sh is executed?

Options:

A. PostgressDB

B. Hostcontext

C. Hostservices

D. Tomcat

Question 3

As a small company has grown, no standard was defined. Each time the network was expanded, the bid with the lowest cost was accepted. As a result, the infrastructure is a mix of equipment from different manufacturers.

A deployment professional is planning on standardizing flow collection. Which flow source data format should the deployment professional use?

Options:

A. A-Flow

B. sFlow

C. NetFlow

D. J-Flow

Question 4

A deployment professional receives instructions to virtualize the currently installed QRadar SIEM All-in-One appliance and to provide requirements. VM specifications must suffice for 4000 EPS.

What are the minimum processor and memory requirements that the deployment professional must use?

Options:

A. 128 GB Memory, 16 CPU Cores

B. 256 GB Memory, 32 CPU Cores

C. 32 GB Memory, 16 CPU Cores

D. 8 GB Memory, 4 CPU Cores

Question 5

A deployment professional sees that there are occasional spikes in the EPS (Events per second). The host has 1000 EPS allocated but the occasional spikes go up to 1185 EPS.

What happens with the events when they go over the allocated amount?

Options:

A. Events are shown normally, but no offenses are generated.

B. Events are moved to a temporary queue.

C. Events are shown normally, QRadar has 20% buffer.

D. Events are dropped.

Question 6

A deployment professional has been asked to ensure the system can be integrated with another system which contains lists of IP addresses and CIDR ranges in an automated manner, to allow rules to target specific communication endpoints.

Which part of QRadar is designed to hold and manage this data?

Options:

A. Domain Definition

B. Network Hierarchy

C. Asset Profiles

D. Building Blocks

Question 7

A deployment professional needs to implement a crossover cable in the high availability (HA) environment. By doing so, this QRadar deployment isolates what kind of traffic over the crossover connection?

Options:

A. event

B. flow

C. query

D. HA replication

Question 8

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

Options:

A. Use the DSM editor to ensure that the Identity Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor enable identity data for the login success event type.

B. Use the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

C. Use the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category "User login success".

D. Use the DSM editor to create an expression for the Identity Username property and make sure it parses correctly. It is automatically applied to all events with low level category "User login success".

Question 9

A customer needs to increase the storage space that is available to an Event Processor and be able to speed up historical searches.

Which solution should the deployment professional recommend?

Options:

A. Connect a Data Node to the Event Processor

B. Add an Event Collector to the Event Processor

C. Connect additional External Storage to the Event Processor

D. Expand the storage space on the Event Processor using LVM
