IBM C1000-140 Exam Questions Instant Access

Question 1

Which item can be used in the configuration of a domain in QRadar?

AThe tenant that owns the log source that the event is allocated to

BThe network the event comes from

CA custom event property in an event

DThe type of the log source that the event is allocated to

Answer : A

Question 2

What is an approach to tuning a ''noisy'' rule, that is, a rule that generates too many offenses?

ADetermine whether the rule matches too many conditions in the traffic.

BIn the offense output, scroll down and review the ''Excessive'' flags.

CConfirm that the rule is enabled.

DUse the QRadar Pulse app to map noisy offense output.

Answer : A

Question 3

Which industry standard security framework is incorporated into the QRadar 7.4.3 environment, which allows the QRadar deployment professional to link rules and building blocks to coverage in the framework?

ALockheed Martin Cyber Kill Chain

BUS DoD Diamond Model

CNIST Cybersecurity Framework

DMITRE ATT&CK

Answer : B

Question 4

On a Microsoft Windows 2019 server, a WinCollect agent is installed, which polls events locally. Its profile is set to Maximum EPS and the average EPS is 5000.

What is the minimum RAM requirement for this Windows 2019 server?

A8 GB

B2 GB

C4 GB

D6 GB

Answer : D

https://www.ibm.com/docs/en/qsip/7.4?topic=10-hardware-software-requirements-wincollect-host

Question 5

For tenant data retention, what is the maximum number of buckets for shared data that can be created per tenant?

B10

CNo limit

D20

Answer : C

Question 6

What approach does QRadar take when it imposes EPS license (not hardware) limits on events that temporarily spike above that limit?

AExcessive events in a spike cause a System Notification that advises the customer to increase their EPS license allocation.

BQRadar EPS license allocation is implemented with a hard cutoff to ensure resources are not saturated.

CDuring the spike, excess events are written to a queue, and they are processed after the EPS rate drops.

DQRadar EPS licensing is measured as an average over a 24-hour period, which allows spikes to be handled gracefully.

Answer : D

Question 7

For tenant data retention, what is the maximum number of buckets for shared data that can be created per tenant?

B10

CNo limit

D20

Answer : B

IBM Security QRadar SIEM V7.4.3 Deployment C1000-140 Exam Questions