IBM C1000-055 Exam Questions Instant Access

Question 1

A deployment professional is faced with the following system notification.

38750107 - The last attempt to read in rules (usually due to a rule change) has failed. Please see the message details and error log for information on how to resolve this.

What should the deployment professional do after trying to disable and enabling the rule?

ACreate a new rule without deleting the old rule.

BDelete and recreate the rule.

CModify the rule.

DBefore doing anything else, call customer support.

Answer : D

Question 2

A deployment professional is working with a client that develops their own in house applications. The customer would like to log events from these applications. Because these applications are hosted on Windows servers inside of the clients DMZ, the client wants to limit the ports on which they will allow access. All logs are written to a flat file named debugJog in the c:\app\logs folder of the host.

Which option is a developed strategy for integrating these logs with QRadar SIEM?

AInstall unmanaged Wincollect instances on the servers, create a custom DSM and use the Wincollect File Forwarder protocol to ingest events from the log file.

BInstall managed Wincollect instances on the servers, create a custom DSM and use the Wincollect Log Forwarder protocol to ingest events from the log file.

CCreate a custom DSM and use the MSRPC protocol communicate with the servers and ingest the log file.

DInstall managed Wincollect instances, create a custom DSM and use the Microsoft Security Event Log DSM to create a xpath query to ingest the data.

Answer : A

Question 3

A deployment professional needs to clear out the Asset Database in IBM QRadar. Which service on the Console is restarted when script cleanAssetModel.sh is executed?

APostgress DB

BHostcontext

CHostservices

DTomcat

Answer : C

Question 4

A deployment professional configures QRadar auto-update with the automatic install option for all update types where automatic install is available.

Assuming all auto-update installations are successful, which update types will need manual installation?

AMajor updates, scanner and protocol updates

BConfiguration updates and WinCollect updates

CApplication updates and major updates

DApplication updates, DSM, scanner and protocol updates

Answer : D

Question 5

A deployment professional needs to add a new log source using Log File protocol. Which option is valid for retrieving files?

ASyslog

BSNMP

CTFTP

DSFTP

Answer : D

Question 6

An application developer is working on a reporting tool that fetches and visualizes data from multiple data sources. The deployment professional is asked to explain how to make authenticated requests on QRadar using its REST API interface.

Which authentication method is supported by QRadar's REST API?

AAuthorization token in an HTTP header

BAuthorization token in an LTPA token

CAuthorization token in an HTTP query string

DAuthorization token in an JWT token

Answer : D

Question 7

A deployment professional needs to ensure that in high-security unidirectional networks (also known as data diodes), logs are collected from different log sources.

Which option should the deployment professional use?

AAn IBM QRadar Packet Capture solution

BAn IBM QRadar Data Node

CA Disconnected Log Collector of IBM QRadar

DAn IBM QRadar Event Processor

Answer : A

IBM QRadar SIEM V7.3.2 Deployment C1000-055 Exam Questions