IBM C1000-163 Practice Exams
- Exam code: C1000-163
- Exam name: IBM Security QRadar SIEM V7.5 Deployment
- Certification provider: IBM
- Last updated: 26.04.2025
What is a difference between a flow and an event?
- A . A flow is a record from a log source, such as a firewall or router device, that describes an action on a network. An event analysis provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.
- B . A flow occurs at a moment in time while events have a duration from a log source.
- C . An event is a record from a log source, such as a firewall or router device, that describes an action on a network. A flow record provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.
- D . An event occurs at a moment in time while flows have a duration from the flow source.
Where can Building Blocks be updated in QRadar?
- A . The Pulse app
- B . The Assets tab, under Network Objects
- C . The Tuning Interface in the Use Case Manager app
- D . The Network Hierarchy icon on the QRadar Admin Console
What is the correct order to start QRadar services?
- A . hostservice>tomcat>hostcontext
- B . The order doesn’t matter
- C . hostcontext>hostservice>tomcat
- D . hostcontext>tomcat>hostservice
A QRadar deployment professional designs a multi-tenant environment where each tenant is permitted a quantity of events per second (EPS).
In a discussion with the service provider (who provides the security monitoring services to each tenant), how should the deployment professional describe the licensing options available?
- A . Per-tenant EPS limits can be set, but any events over the EPS will be dropped from the pipeline; over-license buffering will not be used to handle EPS spikes.
- B . Per-tenant EPS limits can be set if the tenants are defined by event collectors. Then over-license buffering can be used to handle EPS spikes.
- C . If each domain and tenant is defined by log source groups, the EPS limit can be shared by the log source groups used for each tenant. Over-license buffering is defined at the event collector.
- D . The domain sets EPS limits, so each tenant needs to have only one domain. This way, over-license buffering can be used to handle EPS spikes.
An analyst reviewed an active offense that involved many attackers, generating many events in the same category, targeting many systems. Upon further analysis, the analyst determined that the traffic from the attackers is legitimate and should not contribute to the offenses.
Which tuning methodology guideline can the analyst use to tune out this traffic?
- A . Edit the building blocks by using the Custom Rules Editor to tune the specific event.
- B . Use the Log Source Management app to tune the category.
- C . Edit building blocks by using the Custom Rules Editor to tune the category.
- D . Use the False Positive Wizard to tune the specific event.
An offense remains in a dormant state for __________ days.
- A . 5
- B . 15
- C . 10
- D . 30
Which QRadar app displays time series graphs for queries?
- A . Log Management App
- B . Pulse
- C . Threat Intelligence
- D . Assistant for Watson
Which direction value means that an undefined local Source IP accesses an external resource?
- A . R2L
- B . L2R
- C . L2L
- D . R2R
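The direction value of a flow or event is derived from whether each endpoint falls inside the deployment's network hierarchy: an address covered by a hierarchy object is local (L), anything else is remote (R), and the value is written source-to-destination (L2L, L2R, R2L, R2R). The following Python script is an added illustration of that classification and is not QRadar code; the CIDR blocks, object names and traffic records are constructed for the example, and the "undefined local" check at the end is a heuristic of my own (private-range addresses that no object covers) for spotting an incomplete hierarchy, which silently turns internal traffic into R2R or R2L and breaks direction-based rules:

```python
import ipaddress
from collections import Counter

# Constructed network hierarchy for illustration (not a QRadar export):
# every CIDR listed here is "local"; any address outside them is "remote".
NETWORK_HIERARCHY = {
    "Corp.Servers": "10.10.0.0/16",
    "Corp.Clients": "10.20.0.0/16",
    "Corp.DMZ":     "192.168.100.0/24",
}

# RFC 1918 ranges, spelled out instead of using ipaddress.is_private, because
# Python's is_private also matches the documentation ranges used in the sample below.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_hierarchy(cidrs):
    """Parse a {name: cidr} mapping into {name: ip_network}."""
    return {name: ipaddress.ip_network(cidr) for name, cidr in cidrs.items()}


def local_object(ip, hierarchy):
    """Return the name of the hierarchy object containing ip, or None if ip is remote."""
    addr = ipaddress.ip_address(ip)
    for name, net in hierarchy.items():
        if addr in net:
            return name
    return None


def direction(src, dst, hierarchy):
    """Classify a source/destination pair as L2L, L2R, R2L or R2R."""
    s = "L" if local_object(src, hierarchy) else "R"
    d = "L" if local_object(dst, hierarchy) else "R"
    return f"{s}2{d}"


def summarize(records, hierarchy):
    """Count records per direction value."""
    return dict(Counter(direction(r["src"], r["dst"], hierarchy) for r in records))


def undefined_local_candidates(records, hierarchy):
    """Private (RFC 1918) addresses seen in traffic that no hierarchy object covers.

    Such hosts are classified as remote, so their internal traffic shows up as
    R2R or R2L. The list is a hint that the hierarchy is incomplete (heuristic,
    an assumption of this example, not a QRadar feature).
    """
    seen = set()
    for r in records:
        for ip in (r["src"], r["dst"]):
            addr = ipaddress.ip_address(ip)
            if local_object(ip, hierarchy) is None and any(addr in net for net in RFC1918):
                seen.add(ip)
    return sorted(seen)


# Constructed sample traffic (203.0.113.0/24 and 198.51.100.0/24 stand in for the internet).
SAMPLE_RECORDS = [
    {"src": "10.10.1.5",    "dst": "203.0.113.7"},     # local server -> internet
    {"src": "203.0.113.7",  "dst": "192.168.100.10"},  # internet -> DMZ host
    {"src": "10.20.3.4",    "dst": "10.10.1.5"},       # client -> server
    {"src": "198.51.100.9", "dst": "203.0.113.7"},     # neither side local
    {"src": "10.30.0.1",    "dst": "203.0.113.7"},     # private net missing from hierarchy
]

if __name__ == "__main__":
    h = build_hierarchy(NETWORK_HIERARCHY)
    for r in SAMPLE_RECORDS:
        print(r["src"], "->", r["dst"], direction(r["src"], r["dst"], h))
    print(summarize(SAMPLE_RECORDS, h))
    print("undefined local:", undefined_local_candidates(SAMPLE_RECORDS, h))
```

The last sample record is the case to watch: 10.30.0.1 is clearly an internal host, but because no hierarchy object covers it, its access to an external resource is classified R2R rather than L2R, and any rule keyed on L2R traffic will never see it.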
Which app can be used in QRadar to visualize offenses, network data, threats, and malicious behavior, and to provide insights and analysis about a network?
- A . Threat Intelligence
- B . Use Case Manager
- C . Pulse
- D . Vulnerability Insights
A company plans to collect event data from two remote sites that have slow WAN links.
These remote sites do not generate many events per second. The company’s deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations.
What type of appliance can be used to meet this requirement?
- A . Data Gateway
- B . Disconnected Log Collector
- C . Packet Capture appliance
- D . Flow Collector
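Two of the questions above (the multi-tenant EPS licensing question and the slow-WAN remote-site question) turn on the same mechanism: a per-second event cap with a finite buffer behind it, where a burst above the cap is held back and forwarded once the rate drops, and events beyond the buffer's capacity are lost. The following Python simulation is an added example, not QRadar's pipeline code, and uses a deliberately simplified model (one cap, one FIFO buffer, drain at the cap rate) with a constructed arrival pattern; the numbers chosen for the limit and buffer are assumptions for the illustration:

```python
def run_eps_limiter(arrivals, eps_limit, buffer_size):
    """Simulate an EPS limiter with an overflow buffer (simplified model).

    arrivals:    constructed list of events arriving per second at the collector
    eps_limit:   maximum events forwarded per second (per-tenant cap or WAN cap)
    buffer_size: how many excess events may be held back; beyond that they are dropped

    Returns (sent_per_second, dropped, peak_buffered). After the arrival list ends
    the buffer keeps draining at eps_limit until it is empty.
    """
    sent_per_second = []
    buffered = 0
    dropped = 0
    peak_buffered = 0
    t = 0
    while t < len(arrivals) or buffered > 0:
        pending = buffered + (arrivals[t] if t < len(arrivals) else 0)
        sent = min(pending, eps_limit)          # forward up to the cap this second
        excess = pending - sent                 # what could not be forwarded
        if excess > buffer_size:                # buffer full: the remainder is lost
            dropped += excess - buffer_size
            excess = buffer_size
        buffered = excess
        peak_buffered = max(peak_buffered, buffered)
        sent_per_second.append(sent)
        t += 1
    return sent_per_second, dropped, peak_buffered


def compare(arrivals, eps_limit, buffer_size):
    """Same burst with and without a buffer, to show what buffering buys."""
    no_buf_sent, no_buf_dropped, _ = run_eps_limiter(arrivals, eps_limit, 0)
    buf_sent, buf_dropped, buf_peak = run_eps_limiter(arrivals, eps_limit, buffer_size)
    return {
        "no_buffer": {"sent": sum(no_buf_sent), "dropped": no_buf_dropped},
        "buffered": {
            "sent": sum(buf_sent),
            "dropped": buf_dropped,
            "peak_buffered": buf_peak,
            "seconds_to_drain": len(buf_sent) - len(arrivals),
        },
    }


# Constructed arrival pattern: a quiet site with one spike in second 2.
BURST = [50, 400, 60, 30]
EPS_LIMIT = 100      # assumed cap for the site or tenant
BUFFER_SIZE = 250    # assumed buffer capacity

if __name__ == "__main__":
    sent, dropped, peak = run_eps_limiter(BURST, EPS_LIMIT, BUFFER_SIZE)
    print("forwarded per second:", sent)
    print("dropped:", dropped, "peak buffered:", peak)
    print(compare(BURST, EPS_LIMIT, BUFFER_SIZE))
```

With these inputs the buffered run forwards 100 EPS for four seconds and drains the rest over two more seconds, losing only the 50 events that exceeded the buffer, while the unbuffered run discards 300 events in the spike second. The design question a deployment professional actually has to answer is the one the numbers expose: a buffer only delays the loss, so its size has to be matched to the longest burst the link or licence must absorb.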