Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium IBM C1000-156 Dumps Questions Answers

Page: 1 / 5
Total 62 questions

IBM Security QRadar SIEM V7.5 Administration Questions and Answers

Question 1

A ORadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period. Which method can be used to accomplish this goal?

Options:

A.

Using a special rule test that limits the number of rule triggers

B.

Using the "response limiter"

C.

Tuning the rule conditions to make it trigger fewer times

D.

Using the "execute custom action" rule response

Buy Now
Question 2

Which is a benefit of a lazy search?

Options:

A.

Getting results that are limited to a specific range

B.

Providing every result no matter the quantity of the search results

C.

Finding lOCs quickly

D.

Searching across domains for any configured user

Question 3

An administrator opens the Offenses section and goes to Rules to edit the system notification rule. What is the rule name for system notifications?

Options:

A.

System: Notification

B.

System: Hardware and Software monitoring

C.

System: Software Notifications

D.

System: Hardware Notifications

Question 4

When creating an identity exclusion search, what time range do you select?

Options:

A.

Previous 7 days

B.

Real time (streaming)

C.

Previous 30 days

D.

Previous 5 minutes

Question 5

Which two (2) open standards does the QRadar Threat Intelligence app use for feeds?

Options:

A.

TAXII

B.

AQL

C.

STIX

D.

JSON

E.

OSINT

Question 6

A ORadar administrator needs to upgrade the system to patch a vulnerability. In what order does the administrator upgrade the managed hosts?

Options:

A.

Any order

B.

Console followed by remaining hosts

C.

Flow Processor followed by remaining hosts

D.

Event Processor followed by remaining hosts

Question 7

Before configuring a WinCollect log source, which two ports does a QRadar administrator ensure are open?

Options:

A.

514 and 8413

B.

445 and 8413

C.

443 and 8413

D.

8080 and 8413

Question 8

In the QRadar GUI. you notice that no new offenses were generated today. A review of the notifications shows:

MPC: Unable to create new offense. The maximum number of active offenses has been reached.

What is the default value of the maximum number?

Options:

A.

3500

B.

1500

C.

5000

D.

2500

Question 9

Which is the default port for the first NetFlow flow source that is configured in QRadar?

Options:

A.

8413

B.

21

C.

2055

D.

514

Question 10

An administrator would like to optimize event and flow payload searches for log data that is stored for up to a month. What does an administrator need to do to achieve that requirement?

Options:

A.

Perform a clean on the search model.

B.

Configure the retention period for property indexes.

C.

Configure the retention period for payload indexes.

D.

Configure the retention period for search indexes.

Question 11

From which site can you download software updates for QRadar?

Options:

A.

IBM Fix Central

B.

IBM X-Force Exchange

C.

IBM Passport Advantage Online

D.

QRadar 101

Question 12

What parameter contributes to the magnitude score of an offense?

Options:

A.

Confidentiality

B.

Availability

C.

Integrity

D.

Credibility

Question 13

When adjusting a custom email template, which two elements do you edit to include the customizations?

Options:

A.

B.

C.

D.

Question 14

Which two (2) data sources can be assigned to a domain in the Domain Management function?

Options:

A.

Users

B.

Rules

C.

Flow collectors

D.

Log sources

E.

X-Force Integration Feed

Question 15

From which two (2) resources can an administrator download QRadar security content?

Options:

A.

QRadar Application Repository

B.

IBM Applications Database

C.

IBM Fix Central

D.

IBM App Central

E.

IBM Security App Exchange

Question 16

Which field is mandatory when you use the DSM Editor to map an event to a OID?

Options:

A.

High-level Category

B.

Low-level Category

C.

Event Category

D.

Event ID

Question 17

What is the primary method used by QRadar to alert users to problems?

Options:

A.

System Notifications

B.

System Summary

C.

Use Case Manager

D.

QRadar Assistant

Question 18

You analyzed network flows and decided that you want to track any network bandwidth violations by any application that comes from your network source. You want to report on all applications that create traffic and the amount of data (total bytes) from each IP. You want to store the IP address, the application, and the amount of data in the reference data collection.

What type of reference data collection must you create to support this use case?

Options:

A.

Reference map

B.

Reference map of maps

C.

Reference set

D.

Reference map of sets

Page: 1 / 5
Total 62 questions