C1000-163無料問題集「IBM Security QRadar SIEM V7.5 Deployment」

質問 1

What is the network interface requirement for adding a secondary HA node to the primary HA node?

（A）All the network interfaces on the primary and secondary host should be bonded.

（B）A crossover connection between the primary and secondary host is needed.

（C）The primary host cannot contain more physical interfaces than the secondary host.

（D）A crossover connection needs to be configured on all bonded interfaces.

正解：A 解答を投票する

質問 2

When prioritizing offenses to investigate, what metric is provided on the Offenses tab specifically to help influence which offenses to investigate first?

（A）Credibility

（B）Magnitude

（C）Relevance

（D）Severity

正解：B 解答を投票する

質問 3

Which item can be used in the configuration of a domain in QRadar?

（A）The tenant that owns the log source that the event is allocated to

（B）A custom event property in an event

（C）The network the event comes from

（D）The type of the log source that the event is allocated to

正解：B 解答を投票する

質問 4

After a successful upgrade, which two actions does a deployment professional perform to complete the installation?

（A）Run mount /media/updates.

（B）Rebuild the reference data.

（C）Clear the browser cache before logging in to the Console.

（D）Disconnect all managed host from the deployment.

（E）Delete the SFS file from all appliances.

正解：C、E 解答を投票する

質問 5

Consider this description: Edit the and when either the source or destination IP is one of the following test to include the broadcast addresses of the network. This change removes false positive events that might be caused by the use of broadcast messages.
What type of editable building blocks is described?

（A）BB:NetworkDefinition: DLP Addresses

（B）BB:NetworkDefinition: Darknet Addresses

（C）BB:NetworkDefinition: Broadcast Address Space

（D）BB:NetworkDefinition: Server Networks

正解：C 解答を投票する

質問 6

After working on a QRadar Support case, a set of logs is needed for further review.
Where is the script to gather those logs in case you have no UI access?

（A）/bin/qradar/support/get_logs.sh

（B）/opt/qradar/support/get_logs.sh

（C）/opt/qradar/get_logs.sh

（D）/bin/qradar/get_logs.sh

正解：B 解答を投票する

質問 7

Where are audit logs located?

（A）/opt/var/log/audit

（B）/opt/audit/logs

（C）/var/log/audit

（D）/var/audit

正解：C 解答を投票する

質問 8

What does it mean when a custom rule is partially matched in QRadar?

（A）The rule is not fully enabled.

（B）All the tests in the rule were fully matched.

（C）Not all the the tests in the rule were fully matched.

（D）The AND NOT operator is set incorrectly in the first test.

正解：C 解答を投票する

質問 9

Which of these is a valid CIDR length value to use when configuring the network hierarchy in QRadar?

（A）/124

（B）/16

（C）/256

（D）/38

正解：B 解答を投票する

質問 10

There are 10 retention buckets in Qradar SIEM. The default is placed in the last line with retention policy of 30 days. Action is set to delete the data immediately after retention period has expired. Admin creates another policy on top of the default policy to keep firewall data for 10 days.
What will happen to the data after 30 days?

（A）Everything will be erased after 30 days

（B）Firewall data will be erased after 10 days

（C）Everything will be erased after 10 days

（D）Firewall data will be erased after 30 days

正解：A 解答を投票する

C1000-163 無料問題集「IBM Security QRadar SIEM V7.5 Deployment」

弊社を連絡する

関連リンク

トップ試験