IBM C1000-055 Exam Practice Test Instant Access

Question 1

IBM Security QRadar initiates a sequence of events when a primary high-availability (HA) host fails. During failover, the secondary HA host assumes the responsibilities of the primary HA host. The following actions are completed.

1.1. If configured, external shared storage devices are detected and the file systems are mounted.

2. 2. The secondary HA host connects to the console and downloads configuration files.

3. 3. A management interface network alias is created, for example, the network alias for ethO is ethO:0.

4. 4. The cluster virtual IP address is assigned to the network alias.

5. 5. All QRadar services are started.

What is the order of the sequence?

A1,4,3,2,5

B1,3,4,5.2

C1.2,3,4,5

D1,4,5,3,2

Answer : C

Question 2

During an initial deployment, three retention buckets (longret, midret. testret) were configured with the following characteristics, being (X) the number of the bucket:

longret (1): keep data in this bucket for 2 years. Delete when storage is needed.

midret (2): keep data in this bucket for 6 months. Delete when storage is needed.

testret (3): keep data in this bucket for 3 days. Delete immediately after expiration.

Default (0) retention bucket has a 3 months / delete immediately policy.

During testing last week, a significant amount of test data has been mistakenly categorized as "longret". This bucket does not contain any other important information. Everything else, including some important data, has been saved into the default bucket. How can the deployment professional remove all data stored in the "longret" bucket?

AManually delete old data from last week by issuing a rm * on /store/ariel/events/payloads/ and /store/ariel/events/records/ and select the directories containing events from the last week

BChange the longret bucket period to 10 days and deploy the changes.

CChange the system's time to 2 years in the future and wait until deletion has been made and then go back to the real system's time.

DManually delete the files ending by -1 from /store/ariel/events/payloads/ and /store/ariel/events/records/

Answer : B

Question 3

A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.

What can the deployment professional do to comply with local data laws?

AInstall Event and Flow Collectors in the European data center.

BInstall Event and Flow Processors in the European data center.

CInstall Event and Flow Processors in the United States data center.

DInstall Data Nodes in the European data center.

Answer : A

Question 4

A deployment professional needs to clear out the Asset Database in IBM QRadar. Which service on the Console is restarted when script cleanAssetModel.sh is executed?

APostgress DB

BHostcontext

CHostservices

DTomcat

Answer : C

Question 5

A customer is building a big data solution which aims to perform long term analysis of security dat

a. Security events that are processed by QRadar are also relevant for the system and according to the QRadar administrator the most straightforward option for data ingestion is to configure event forwarding on QRadar. The customer would like to make use of QRadar's parsing capability and its built-in parsers instead of developing new parsers for the big data platform. A deployment professional is asked for advice about the data format to configure for the event forwarding.

Which available option should the deployment professional propose?

ANormalized

BPayload

CXML

DJSON

Answer : A

Question 6

Two newly installed QRadar applications are creating performance issues at the console. How should the deployment professional proceed?

ADeploy one App Node, move apps from the console and test if the situation improves.

BDeploy one App Host, move apps from the console and test if the situation improves.

CDeploy two different App Hosts as both applications might need dedicated resources. App auto-balancing is enabled by default.

DDeploy two different App Nodes as both applications might need dedicated resources. App auto-balancing is enabled by default.

Answer : D

Question 7

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

AUse the DSM editor to ensure that the Identity Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor enable identity data for the login success event type.

BUse the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

CUse the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category 'User login success'.

DUse the DSM editor to create an expression for the Identity Username property and make sure it
parses correctly. It is automatically applied to all events with low level category 'User login success'.

Answer : D

IBM C1000-055 IBM QRadar SIEM V7.3.2 Deployment Exam Practice Test