IBM C1000-156 - QRadar SIEM V7.5 Administration Exam

Page:    1 / 22   
Total 109 questions

You want to use a quick filter search to look for certain elements:

  • 10.100.100.*
  • BlueCoat
  • TCP_REFRESH_MIS

Which string provides the correct results?

  • A. (10.100.100.* Bluecoat TCP_REFRESH_MIS)
  • B. 10.100.100.*%Bluecoat%TCP_REFRESH_MIS
  • C. (10.100.100.* AND Bluecoat AND TCP_REFRESH_MIS)
  • D. "10.100.100.*%AND%Bluecoat%AND%TCP_REFRESH_MIS"


Answer : C

A QRadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period.
Which method can be used to accomplish this goal?

  • A. Using the "response limiter"
  • B. Using a special rule test that limits the number of rule triggers
  • C. Tuning the rule conditions to make it trigger fewer times
  • D. Using the "execute custom action" rule response


Answer : A

Which command does an administrator run in QRadar to get a list of installed applications and their App-ID values output to the screen?

  • A. /opt/qradar/support/recon connect 1005
  • B. /opt/qradar/support/deployment_info.sh
  • C. /opt/qradar/support/recon ps
  • D. /opt/qradar/support/threadTop.sh


Answer : B

When will events or flows stop contributing to an offense?

  • A. When the offense becomes inactive
  • B. After the offense is assigned to an analyst
  • C. When the offense becomes dormant
  • D. When you protect the offense


Answer : A

How many vulnerability processors can you have in your deployment?

  • A. 1
  • B. 10
  • C. 3
  • D. 5


Answer : A
