C1000-055 IBM QRadar SIEM V7.3.2 Deployment


Question 1

A deployment professional has to decide where data will be stored in a newly configured environment to submit a plan for storage and network connectivity bandwidth.

Which QRadar components within a deployment can store raw or normalized events locally? (Choose two)


  • Event Processor

  • Event Collector

  • Data Node

  • Flow Collector

  • Data Diode

Question 2

A deployment professional needs to find out which rules are generating most of the offenses. What should the deployment professional do? (Choose two)


  • Use search where Log source is Custom Rule Engine-8 :: and choose Grouping by Event Name

  • Offenses -> Rules -> Sort by Offense Count

  • Offenses -> By Category

  • Use search where Log source is Health Metrics-2 :: and choose Grouping by Event Name

  • Generate Report "System Summary"


Question 3

A company has specific data retention policies to keep log data online for 5 years. The current QRadar storage will not handle this amount of data.

Which are possible solutions? (Choose two)


  • Migrate the QRadar /store/ariel file system to a larger off board storage device

  • Implement Data Node(s)

  • Implement Event Collector(s)

  • Implement Flow Processor(s)

  • Implement a high availability (HA) solution