IBM C1000-055 Exam Practice Test Instant Access

Question 1

A customer has a Network Vulnerability Scanner which is not supported by IBM QRadar.

How can a deployment professional integrate such a scanner with IBM QRadar?

ACreating a uDSM using the DSM Editor

BUsing the AXIS Scanner option of IBM QRadar

CBy creating a Log Source Extension (LSX)

DUsing a Custom Flow Source

Answer : B

Question 2

The iSCSI offboard storage is being configured. Which sequence should be used?

AStop services on QRadar > Mount iSCSI file system > Migrate the data to iSCSI > Configure iSCSI

BStop services on QRadar > Migrate the data to iSCSI > Configure iSCSI > Mount iSCSI file system

CConfigure iSCSI > Stop services on QRadar > Migrate the data to iSCSI > Mount iSCSI file system

DStop services on QRadar > Configure iSCSI > Mount iSCSI file system /store > Migrate the data to iSCSI

Answer : C

Question 3

A deployment professional decides to improve visibility in the network and successfully installs the Flow Collector.

What should the deployment professional connect the Flow Collector to?

AWAN port

BSPAN port

CLAN port

DSAN port

Answer : B

Question 4

A company has a large network with multiple segments. The manufacturing area network and the research and development (R&D) area network are separated from the product area network, and the customer does not want to run scanners through firewalls. A deployment professional has been tasked with proposing a strategy to ensure vulnerability assessment operations cover all company assets.

In addition to a scanner in the production area network, which option should the deployment professional follow?

ADeploy a hosted IBM scanner appliance in the manufacturing area network and in the R&D area network.

BDeploy a vulnerability manager on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

CDeploy a vulnerability scanner on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

DDeploy a vulnerability processor on a QRadar Managed Host in the manufacturing area network and in the R&D area network.

Answer : D

Question 5

A deployment professional needs to create Identity Excluded Searches so as to prevent specific Asset entries from being created. These Asset entries are being created from the events that the QRadar deployment is receiving from different Log Sources.

To add to these Identity Excluded Searches, which type of Saved Searches should be created?

ASearches containing last 15 Minutes Data

BSearches containing last 24 Hours data

CSearches containing last 7 Days data

DReal Time Searches

Answer : D

Question 6

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

AUse the DSM editor to ensure that the Identity Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor enable identity data for the login success event type.

BUse the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

CUse the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category 'User login success'.

DUse the DSM editor to create an expression for the Identity Username property and make sure it
parses correctly. It is automatically applied to all events with low level category 'User login success'.

Answer : D

Question 7

A deployment professional is creating an architecture for a customer who has locations which regularly go out of contact with the rest of the network. The requirement is to receive logs locally and then have a scheduled connection to QRadar to upload the events.

Which QRadar appliances should be deployed in these locations?

ADisconnected Log Collector with UDP configured

B15xx Event Collector with a Store and Forward schedule

C16xx Event Processor with a Store and Forward schedule

D31 xx All-in-One with Online Forwarding configured

Answer : C

IBM C1000-055 IBM QRadar SIEM V7.3.2 Deployment Exam Practice Test