IBM C1000-055 Exam Practice Test Instant Access

Question 1

A deployment professional is challenged with incomplete report results. The report is being created but it not displaying all data.

What would be the first thing the deployment professional would do to determine whether or not the report is incomplete?

ARun a search again from the network activity tab.

BReview notification messages for incomplete report data.

CRun a search again from the log activity tab.

DRun the report manually.

Answer : C

Question 2

A deployment professional is redesigning the existing deployment to add a event processor due to an increased event rate. The deployment professional observes the events per second (EPS) to be a collective 30,000 EPS from two event collectors (EC1 and EC2) and sometimes exceeds the EPS capacity. EC1 and EC2 are in same network segment.

Considering there are more licenses available than needed in the license pool, which processor should the deployment professional replace the event collector(s) with?

AReplace EC1 with one QRadar Event Processor 1648

BReplace EC1 and EC2 with one QRadar Event Processor 1605

CReplace EC1 and EC2 with one QRadar Event Processor 1629

DReplace EC1 with one QRadar Event Processor 1605

Answer : C

Question 3

QRadar is configured to periodically update an IP address list from a 3rd party threat intelligence provider using the Threat Intelligence app. The IP address data is used in a CRE rule to create an offense in case a connection attempt toward any IP address on the list is seen.

Which QRadar component stores the collected IP address data?

ABuilding Block

BX-Force Threat Feed

CReference Set

DCustom Rule

Answer : B

Question 4

A deployment professional configures domain definitions for events in a multi-tenant QRadar environment. The domain assignments for tenants, flows, VA scanners, reference data, network hierarchy items are already configured.

Which is the order of precedence between the incoming event's attributes when evaluating its domain assignment?

ACustom Properties, Network Hierarchy, Log Source, Event Collector

BTenant, Log Source, Network Hierarchy, Log Source Group

CTenant, Network Hierarchy. Log Source, Event Collector

DCustom Properties, Log Source, Log Source Group. Event Collector

Answer : C

Question 5

The client implemented a QRadar Network Insights (QNI), and is looking to add post-incident investigations and threat hunting activities.

What should the deployment professional recommend?

AAn additional QRadar Incident Forensics is required.

BAn additional QRadar Network Inspector is required.

CExisting appliances will suffice.

DAn additional QRadar Flow processor is required.

Answer : D

Question 6

A deployment professional has been asked to create some Reference Data to identify activity on executive's email addresses. The customer has provided the list of the current email addresses and has stated that these need to be updated from time to time as the organization changes. Changes should be handled in the standard Graphical User Interface (GUI) of the QRadar Console.

Which Reference Data should the deployment professional create for this purpose?

AReference Map

BReference Set

CReference Table

DReference Map Of Sets

Answer : B

Question 7

As a small company has grown, no standard was defined. Each time the network was expanded, the bid with the lowest cost was accepted. As a result, the infrastructure is a mix of equipment from different manufactures.

A deployment professional is planning on standardizing flow collection. Which flow source data format should the deployment professional use?

AA-Flow

BsFlow

CNetFlow

DJ-Flow

Answer : B

IBM C1000-055 IBM QRadar SIEM V7.3.2 Deployment Exam Practice Test