IBM C1000-055 시험

Question No : 1

A deployment professional is about to execute Server Discovery to populate the Host Definition Building Blocks. The deployment professional is working in a monitored environment and does not wish to set off any network scanner alarms.
What step should the deployment professional take to ensure that good results are returned and that no alarms are raised?

• A.Warn the network monitoring team that QRadar is about to run a network port scan
• B.Set the 'Passive discovery' flag in Advanced System Settings in the Admin tab
• C.Ensure that events from the relevant servers are being collected successfully
• D.Ensure that the flow sources are configured correctly and collecting data

답을 확인하기

정답:

Question No : 2

A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.
What can the deployment professional do to comply with local data laws?

• A.Install Event and Flow Collectors in the European data center.
• B.Install Event and Flow Processors in the European data center.
• C.Install Event and Flow Processors in the United States data center.
• D.Install Data Nodes in the European data center.

답을 확인하기

정답:

Question No : 3

A deployment professional is faced with the following system notification.
38750107 - The last attempt to read in rules (usually due to a rule change) has failed.
Please see the message details and error log for information on how to resolve this.
What should the deployment professional do after trying to disable and enabling the rule?

• A.Create a new rule without deleting the old rule.
• B.Delete and recreate the rule.
• C.Modify the rule.
• D.Before doing anything else, call customer support.

답을 확인하기

정답:

Question No : 4

A deployment professional receives instructions to virtualize the currently installed QRadar SIEM All-in-One appliance and to provide requirements. VM specifications must suffice for 4000 EPS.
What are the minimum processor and memory requirements that the deployment professional must use?

• A.128 GB Memory, 16 CPU Cores
• B.256 GB Memory, 32 CPU Cores
• C.32 GB Memory, 16 CPU Cores
• D.8 GB Memory, 4 CPU Cores

답을 확인하기

정답:

Question No : 5

A deployment professional configures QRadar auto-update with the automatic install option for all update types where automatic install is available.
Assuming all auto-update installations are successful, which update types will need manual installation?

• A.Major updates, scanner and protocol updates
• B.Configuration updates and WinCollect updates
• C.Application updates and major updates
• D.Application updates, DSM, scanner and protocol updates

답을 확인하기

정답:

Question No : 6

A deployment professional is asked to create QRadar deployment architecture for a company.
The company has three branch offices with WAN connection between them. The head office data center requires 14000 EPS and 200000 FPM. Each branch requires 4000 EPS and 200000 FPM.
Which deployment solution will meet the minimum requirements?

• A.QRadar 3105 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office
• B.QRadar 3129 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office
• C.QRadar 3105 (Console) and QRadar Event and Flow Processor 1829 in head office + QRadar 1805 Event and Flow Processor in each branch office
• D.QRadar 3129 (All-in-One) in head office

답을 확인하기

정답:

Question No : 7

A deployment professional needs to implement a crossover cable in the high availability (HA) environment.
By doing so, this QRadar deployment isolates what kind of traffic over the crossover connection?

• A.event
• B.flow
• C.query
• D.HA replication

답을 확인하기

정답:

Question No : 8

A deployment professional just installed new QRadar deployment which comes with a temporary license key.
How many days does a deployment professional have before the temporarylicensekey expires?

• A.35 days from the installation date.
• B.15 days from the installation date.
• C.30 days from the installation date.
• D.45 days from the installation date.

답을 확인하기

정답:

Question No : 9

A deployment professional needs to check which rules cause events to be dropped on the Console with Pipeline NATIVE_To_MPC messages.
Which script would help with this task?

• A./opt/qradar/support/findExpensiveCustomProperties.sh
• B./opt/qradar/support/findExpensiveCustomRules.sh
• C./opt/qradar/support/astat.sh
• D./opt/qradar/support/findRules.sh

답을 확인하기

정답:

Question No : 10

During a new deployment, the client states that they want to collect windows logs and forward them to QRadar, but they are already using another agent to collect logs for a managed service provider [MSP] The client would like to continue forwarding these logs to the MSP as well as send them to QRadar.
Which architectural solutions would meet the client's requirements?

• A.Install an unmanaged Wincollect instance and a setup multiple forwarding destinations to the Wincollect configuration server.
• B.Configure windows MSRPC protocol to send events to both.
• C.Install a managed Wincollect instances and setup multiple forwarding destinations.
• D.Configure Windows Event Forwarding to send events to both destinations.

답을 확인하기

정답:

Question No : 11

A deployment professional is working on integrating an unsupported log source. The log source is able to send events in multiple formats. The administrators of the log source ask which event format should be configured.
Which event format should the deployment professional choose to be able to use direct parsing support in QRadar's DSM editor?

• A.BLOB
• B.Regex
• C.LEEF
• D.SAML

답을 확인하기

정답:

Question No : 12

A deployment professional needs to configure the X-Force Threat Intelligence Feed through a web proxy to access the cloud servers hosting the information.
How should the deployment professional configure the proxy for this access?

• A.Edit the Vetc/httpd/conf.d/ssl.conf and Vopt/qradar/dca/server.ini' files on the Console and restart some services
• B.Reconfigure iptables access on each managed host to provide access to 'update.xforce-security.com' and 'license.xforce-security.com' and restart some services
• C.Complete the 'Server Config' values in the Advanced Update Configuration section of Auto Updates )
• D.Complete the 'System Proxy' values in the Advanced System Settings section of the Admin tab

답을 확인하기

정답:

Question No : 13

High availability (HA) has been configured for an event processor in a deployment. The end user gets the notification "Disk Usage Exceeded max Threshold" for the /store partition on primary host. The retention settings are "Delete data in this bucket: immediately after the retention period has expired".
What will be the behavior of the primary at this stage?

• A.Primary will stop HA disk replication and failover to Secondary
• B.Primary will keep running HA disk replication and failover to Secondary
• C.Primary will stop HA disk replication and No failover to Secondary
• D.Primary will keep running HA disk replication and No failover to Secondary

답을 확인하기

정답:

Question No : 14

A deployment professional sees that there are occasional spikes in the EPS (Events per second). The host has 1000 EPS allocated but the occasional spikes go up to 1185 EPS.
What happens with the events when they go over the allocated amount?

• A.Events are shown normally, but no offenses are generated.
• B.Events are moved to a temporary queue.
• C.Events are shown normally, QRadar has 20% buffer.
• D.Events are dropped.

답을 확인하기

정답:

Question No : 15

Some customers do not fully understand the benefits of using dedicated appliances to collect events and flows, complaining about the complexity of the deployments.
How should the deployment professional clarify any doubts that may arise?

• A.Using All-in-One appliances are a good choice for environments greater than 100.000 EP
• B.Event Processor collect events from various log sources and continuously forwards these events to an Event Collector.
• C.Dedicated event collectors when deployed in VMs include an on-board event processor that can be directly attached to an All-in-One Virtual console type 3199.
• D.The operation of the QRadar security intelligence platform consists of three layers, and applies to any QRadar deployment structure, regardless of its size and complexity.

답을 확인하기

정답: