IBM C1000-055 Exam Questions Instant Access

Question 1

As a small company has grown, no standard was defined. Each time the network was expanded, the bid with the lowest cost was accepted. As a result, the infrastructure is a mix of equipment from different manufactures.

A deployment professional is planning on standardizing flow collection. Which flow source data format should the deployment professional use?

AA-Flow

BsFlow

CNetFlow

DJ-Flow

Answer : B

Question 2

QRadar is configured to periodically update an IP address list from a 3rd party threat intelligence provider using the Threat Intelligence app. The IP address data is used in a CRE rule to create an offense in case a connection attempt toward any IP address on the list is seen.

Which QRadar component stores the collected IP address data?

ABuilding Block

BX-Force Threat Feed

CReference Set

DCustom Rule

Answer : B

Question 3

A deployment professional is working with a client that develops their own in house applications. The customer would like to log events from these applications. Because these applications are hosted on Windows servers inside of the clients DMZ, the client wants to limit the ports on which they will allow access. All logs are written to a flat file named debugJog in the c:\app\logs folder of the host.

Which option is a developed strategy for integrating these logs with QRadar SIEM?

AInstall unmanaged Wincollect instances on the servers, create a custom DSM and use the Wincollect File Forwarder protocol to ingest events from the log file.

BInstall managed Wincollect instances on the servers, create a custom DSM and use the Wincollect Log Forwarder protocol to ingest events from the log file.

CCreate a custom DSM and use the MSRPC protocol communicate with the servers and ingest the log file.

DInstall managed Wincollect instances, create a custom DSM and use the Microsoft Security Event Log DSM to create a xpath query to ingest the data.

Answer : A

Question 4

A company is currently using 2500 EPS (events per second). A deployment professional is required to plan for a large reorganization project within the company that would increase the EPS to 7500 for 5 months.

What type of licensing should the deployment professional choose?

Aprogressive

Bcumulative

Cphased

Dincremental

Answer : C

Question 5

A deployment professional configures QRadar auto-update with the automatic install option for all update types where automatic install is available.

Assuming all auto-update installations are successful, which update types will need manual installation?

AMajor updates, scanner and protocol updates

BConfiguration updates and WinCollect updates

CApplication updates and major updates

DApplication updates, DSM, scanner and protocol updates

Answer : D

Question 6

A deployment professional just installed new QRadar deployment which comes with a temporary license key.

How many days does a deployment professional have before the temporary license key expires?

A35 days from the installation date.

B15 days from the installation date.

C30 days from the installation date.

D45 days from the installation date.

Answer : C

Question 7

A deployment professional is creating an architecture for a customer who has locations which regularly go out of contact with the rest of the network. The requirement is to receive logs locally and then have a scheduled connection to QRadar to upload the events.

Which QRadar appliances should be deployed in these locations?

ADisconnected Log Collector with UDP configured

B15xx Event Collector with a Store and Forward schedule

C16xx Event Processor with a Store and Forward schedule

D31 xx All-in-One with Online Forwarding configured

Answer : C

IBM QRadar SIEM V7.3.2 Deployment C1000-055 Exam Questions