
IBM C1000-140 Dumps

Page: 1 / 6
Total 62 questions

IBM Security QRadar SIEM V7.4.3 Deployment Questions and Answers

Question 1

A deployment professional needs to troubleshoot a QRadar application that is not working.

Which tool can be used to aid the troubleshooting of containers and container management on the QRadar Console or App Host?

Options:

A. qdocker ps

B. qapp_debug.sh

C. recon

D. q_trev.sh

Question 2

Where does QRadar display R2R events?

Options:

A. The Network Activity tab

B. The Remote Services window

C. The Tuning interface in the Use Case Manager app

D. The Testing interface in the Log Source Manager app

Question 3

During an App Host migration, a deployment professional needs to ensure that all the apps are stopped.

Which task will stop the apps from running?

Options:

A. Use the QRadar API

B. Use the Log Activity tab

C. Reinstall the apps

D. Go to each app’s configuration

Question 4

Which of these views is provided by the DSM Editor?

Options:

A. Event Mappings tab, Flow tab, Protocols

B. Workspace, Event Mappings tab, Configuration tab

C. Dashboard, Event properties, Configuration tab

D. Workspace, Flow tab, Event properties

Question 5

What is the correct order of these steps to get the X-Force API Access Key and Password?

Options:

Question 6

A company plans to collect event data from two remote sites that have slow WAN links. These remote sites do not generate many events per second. The company’s deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations.

What type of appliance can be used to meet this requirement?

Options:

A. Packet Capture appliance

B. Data Gateway

C. Flow Collector

D. Disconnected Log Collector

Question 7

Which statement is valid about the SAML authentication feature?

Options:

A. Users enter local credentials every time they access QRadar.

B. You cannot use the x509 certificate, only the provided QRadar_SAML certificate.

C. You can integrate QRadar with your corporate identity server to provide single sign-on.

D. Authentication is exchanged by using digitally signed HTML documents.

Question 8

A QRadar deployment uses multiple domains to provide data separation between different departments in the organization.

When the tenants and users are configured, which constraints are enforced?

Options:

A. A tenant can contain multiple domains; each domain may be in multiple tenants.

B. A tenant can contain only one domain; each tenant can only have a single user.

C. A tenant can contain multiple domains; each domain may only be in a single tenant.

D. A tenant can contain only one domain; each tenant can have multiple users.

Question 9

A QRadar deployment professional designs a multi-tenant environment where each tenant is permitted a quantity of events per second (EPS).

In a discussion with the service provider (who provides the security monitoring services to each tenant), how should the deployment professional describe the licensing options available?

Options:

A. Per-tenant EPS limits can be set, but any events over the EPS will be dropped from the pipeline; over-license buffering will not be used to handle EPS spikes.

B. Per-tenant EPS limits can be set if the tenants are defined by event collectors. Then over-license buffering can be used to handle EPS spikes.

C. If each domain and tenant is defined by log source groups, the EPS limit can be shared by the log source groups used for each tenant. Over-license buffering is defined at the event collector.

D. The domain sets EPS limits, so each tenant needs to have only one domain. This way, over-license buffering can be used to handle EPS spikes.
