IBM QRadar SIEM V7.3.2 Deployment - C1000-055 Exam Practice Test
A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.
How can the deployment professional fulfill the requirement?
Correct Answer: C
A deployment professional configures QRadar auto-update with the automatic install option for all update types where automatic install is available.
Assuming all auto-update installations are successful, which update types will need manual installation?
Correct Answer: C
A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.
What can the deployment professional do to comply with local data laws?
Correct Answer: D
A systems team has configured their application to send syslog via TCP to a QRadar event collector. The deployment professional has noted that no such logs have arrived for the pre-defined log source.
To troubleshoot this and to prove this traffic has/has not arrived at the event collector, what command can be used from the event collector CLI?
(The Device_Address is an IPv4 address or a host name)
Correct Answer: A
QRadar is configured to periodically update an IP address list from a third-party threat intelligence provider using the Threat Intelligence app. The IP address data is used in a CRE rule to create an offense in case a connection attempt toward any IP address on the list is seen.
Which QRadar component stores the collected IP address data?
Correct Answer: C
A customer is building a big data solution which aims to perform long-term analysis of security data. Security events that are processed by QRadar are also relevant for the system and, according to the QRadar administrator, the most straightforward option for data ingestion is to configure event forwarding on QRadar.
The customer would like to make use of QRadar's parsing capability and its built-in parsers instead of developing new parsers for the big data platform. A deployment professional is asked for advice about the data format to configure for the event forwarding.
Which available option should the deployment professional propose?
Correct Answer: C
A deployment professional configures domain definitions for events in a multi-tenant QRadar environment.
The domain assignments for tenants, flows, VA scanners, reference data, and network hierarchy items are already configured.
Which is the order of precedence between the incoming event's attributes when evaluating its domain assignment?
Correct Answer: B