C1000-140 無料問題集「IBM Security QRadar SIEM V7.4.3 Deployment」

（A）Audit-log

（B）SIM Audit-2

（C）SIM-Audit-log

（D）Health Metrics-2

（A）No changes are required before disconnecting the HA cluster.

（B）Edit the /etc/fstab on only the primary HA host to remove the noauto option from /store and /storetmp.

（C）Edit the /etc/fstab on the primary HA host and secondary HA host to remove the noauto option from /store and /storetmp.

（D）Edit the /etc/fstab on only the secondary HA host to remove the noauto option from /store and /storetmp.

（A）The Testing interface in the Log Source Manager app

（B）The Remote Services window

（C）The Tuning interface in the Use Case Manager app

（D）The Network Activity tab

（A）The Extensions Management tool can be used to add a log source.

（B）QRadar can be updated by using the Extensions Management tool.

（C）The Extensions Management tool cannot be used to export content out of QRadar.

（D）CSV extensions can be imported into QRadar.

（A）Excessive events in a spike cause a System Notification that advises the customer to increase their EPS license allocation.

（B）QRadar EPS license allocation is implemented with a hard cutoff to ensure resources are not saturated.

（C）QRadar EPS licensing is measured as an average over a 24-hour period, which allows spikes to be handled gracefully.

（D）During the spike, excess events are written to a queue, and they are processed after the EPS rate drops.

（A）Flow Collector

（B）Data Gateway

（C）Disconnected Log Collector

（D）Packet Capture appliance