IBM C1000-140 Exam Practice Test Instant Access

Question 1

A QRadar deployment professional designs a multi-tenant environment where each tenant is permitted a quantity of events per second (EPS).

In a discussion with the service provider (who provides the security monitoring services to each tenant), how should the deployment professional describe the licensing options available?

APer-tenant EPS limits can be set, but any events over the EPS will be dropped from the pipeline; over-license buffering will not be used to handle EPS spikes.

BPer-tenant EPS limits can be set if the tenants are defined by event collectors. Then over-license buffering can be used to handle EPS spikes.

CIf each domain and tenant is defined by log source groups, the EPS limit can be shared by the log source groups used for each tenant. Over-license buffering is defined at the event collector.

DThe domain sets EPS limits, so each tenant needs to have only one domain. This way, over-license buffering can be used to handle EPS spikes.

Answer : D

Question 2

Which app can be used to find the state (active, standby, offline, or unknown) of each appliance, the number of notifications for each host, the host name and appliance type, disk usage, status, and time changed?

AQRadar Operations

BQRadar Deployment Monitoring

CQRadar Performance Assistant

DQRadar Deployment Intelligence

Answer : C

Question 3

Which component processes unallocated syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate log source type to a new log source?

ATraffic analysis

BAutodetect traffic

CDSM discovery analysis

DDiscovery analysis

Answer : A

https://www.ibm.com/support/pages/qradar-understanding-traffic-analysis-and-log-source-auto-detection

Question 4

On a Microsoft Windows 2019 server, a WinCollect agent is installed, which polls events locally. Its profile is set to Maximum EPS and the average EPS is 5000.

What is the minimum RAM requirement for this Windows 2019 server?

A8 GB

B2 GB

C4 GB

D6 GB

Answer : D

https://www.ibm.com/docs/en/qsip/7.4?topic=10-hardware-software-requirements-wincollect-host

Question 5

A company plans to collect event data from two remote sites that have slow WAN links. These remote sites do not generate many events per second. The company's deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations.

What type of appliance can be used to meet this requirement?

APacket Capture appliance

BData Gateway

CFlow Collector

DDisconnected Log Collector

Answer : C

Question 6

Which item can be used in the configuration of a domain in QRadar?

AThe tenant that owns the log source that the event is allocated to

BThe network the event comes from

CA custom event property in an event

DThe type of the log source that the event is allocated to

Answer : A

Question 7

Which industry standard security framework is incorporated into the QRadar 7.4.3 environment, which allows the QRadar deployment professional to link rules and building blocks to coverage in the framework?

ALockheed Martin Cyber Kill Chain

BUS DoD Diamond Model

CNIST Cybersecurity Framework

DMITRE ATT&CK

Answer : B

IBM Security QRadar SIEM V7.4.3 Deployment C1000-140 Exam Practice Test