IBM C1000-140 Based on Real Exam Environment

IBM Security QRadar SIEM V7.4.3 Deployment Questions and Answers

Question 5

A QRadar deployment professional is asked to migrate the configuration of a system from Log Manager to QRadar SIEM.

How should the custom rules, saved searches, and reports be migrated?

Use the QRadar config backup and restore process to transfer all configurations.

Use the content management tool (CMT) to transfer the security configuration.

The only option is to use the GUI to manually recreate any required content.

Use rsync to transfer the contents of the /store partition to the new system.

Question 6

Which QRadar log file contains information about the rates of EPS?

/var/log/eps.log

/var/qradar.log

/var/log/qradar.log

/var/log/qradar.old

Question 7

What approach does QRadar take when it imposes EPS license (not hardware) limits on events that temporarily spike above that limit?

Excessive events in a spike cause a System Notification that advises the customer to increase their EPS license allocation.

QRadar EPS license allocation is implemented with a hard cutoff to ensure resources are not saturated.

During the spike, excess events are written to a queue, and they are processed after the EPS rate drops.

QRadar EPS licensing is measured as an average over a 24-hour period, which allows spikes to be handled gracefully.

Question 8

What must be done on all managed hosts after the restoration of a config backup on a new console?

Restart the hostcontext service

Re-add all managed hosts

Restart the docker service

Delete all users