There are frequent network interruptions from a particular network zone called "Underground" to the network where QRadar components are installed. Some important applications, though not time critical, are running in the "Underground" network zone. The log data from these applications needs to be sent to the QRadar Event Processor for compliance.
How can QRadar receive the logs from the applications in the "Underground" network zone?
Which QRadar log file contains information about the rates of EPS?
A QRadar analyst was asked to provide a selection of events for further investigation by somebody who does not have access to the QRadar system.
Which of these approaches provides an accurate copy of the required data in a readable format?
Which of these procedures duplicates a report from the Reports tab?
What is the network interface requirement for adding a secondary HA node to the primary HA node?
After working on a QRadar Support case, a set of logs is needed for further review.
Where is the script to gather those logs in case you have no UI access?
Which two (2) file formats are available for exporting offenses?
While reviewing the performance of a QRadar distributed environment, you notice an abnormal number of events that were generated in the past 24 hours:
38750088 - Performance degradation has been detected in the event pipeline. Event(s) were routed directly to storage.
As a deployment professional, you ensure that your events per second (EPS) license is adequate and verify that no changes to rules or custom properties were made in the past week.
Which of these issues can cause QRadar to generate performance degradation events?
What is the directory where a backup archive file needs to be placed so that QRadar can automatically import it?
Which step is required for the migration of Ariel data from an old appliance to a new appliance?
There are 10 retention buckets in QRadar SIEM. The default is placed in the last line with a retention policy of 30 days. The action is set to delete the data immediately after the retention period has expired. An admin creates another policy on top of the default policy to keep firewall data for 10 days.
What will happen to the data after 30 days?
QRadar rules can utilize reference data to further correlate results.
Which term is a valid reference data type?
Which utility is used for checking the integrity of event and flow logs?
Which IP address is used to log in to the active HA QRadar appliance?
Which of these is a tenant administrator responsible for?