← Back to exam page

C1000-055 IBM QRadar SIEM V7.3.2 Deployment

Loading demo links...

Showing 4–6 of 8 questions

Question 4

The client implemented a QRadar Network Insights (QNI), and is looking to add postincident investigations and threat hunting activities.

What should the deployment professional recommend?

Select an option, then click Submit answer.

  • An additional QRadar Incident Forensics is required.

  • An additional QRadar Network Inspector is required.

  • Existing appliances will suffice.

  • An additional QRadar Flow processor is required.


Question 5

IBM Security QRadar initiates a sequence of events when a primary high-availability (HA) host fails. During failover, the secondary HA host assumes the responsibilities of the primary HA host. The following actions are completed.

1.1. If configured, external shared storage devices are detected and the file systems are mounted.

2. 2. The secondary HA host connects to the console and downloads configuration files.

3. 3. A management interface network alias is created, for example, the network alias forethO is ethO:0.

4. 4. The cluster virtual IP address is assigned to the network alias.

5. 5. All QRadar services are started.

What is the order of the sequence?

Select an option, then click Submit answer.

  • 1,4,3,2,5

  • 1,3,4,5.2

  • 1.2,3,4,5

  • 1,4,5,3,2


Question 6

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

Select an option, then click Submit answer.

  • Use the DSM editor to ensure that the Identity Username property is correctly parsed.
    Create an expression for any available identity property and ensure it is correctly parsed.
    Also, in the DSM editor enable identity data for the login success event type.

  • Use the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

  • Use the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category "User login success".

  • Use the DSM editor to create an expression for the Identity Username property and make sure it parses correctly. It is automatically applied to all events with low level category "User login success".