IBM QRADAR SIEM Exam Exercise part 1

1. An Administrator is adding a log source in IBM Security QRadar SIEM V7.2.8.
Which required software component that supports the log source should be used for this
procedure?
A. QRadar QFlow Collector
B. QRadar Event Collector
C. Device Support Module (DSM)
D. IBM X-Force Exchange plug-in for QRadar

2. What is needed to send the same events and flows to separate data centers or 
geographically separate sites and enable data redundancy in 
IBM Security QRadar SIEM V7.2.8?
A. A Flashcopy or GlobalMirror License
B. A dark fibre network and proper configuration of the backup and recovery feature
C. A load balancer or other method to deliver the same data to mirrored appliances
D. Use the backup and recovery automation feature in QRadar and 
a dedicated Fibre Channel connection

3. An IBM Security QRadar SIEM V7.2.8 Administrator wants to create a security 
profile within the system but receives an error upon saving. What is a possible 
reason for this error?
A. The Administrator has used non-alphanumeric value(s) in the name, which is 
not allowed.
B. The Administrator has used fewer than 3 characters or more than 30 characters 
as the name of the security profile.
C. The Administrator has mixed non-alphanumeric value(s) and alphanumeric value(s) 
in the name, which is not allowed.
D. The Administrator must first put the IBM Security QRadar SIEM V7.2.8 system into 
edit mode before changes are allowed.

4. When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling 
horizontally to achieve Events per Second (EPS) requirements, which QRadar component 
needs to be added to meet EPS demands?
A. Event Manager
B. Event Indexing
C. Event Collector
D. Event Processor

5. An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to assign 
a report to a group named Network Management. What is the process for completing 
this task?
A. Reports Tab > Select report > Actions > Assign Groups > Item Groups > 
Select Network Management > Assign Groups
B. Admin Tab > Report Permissions > select report > Actions > Assign Groups > 
Select Network Management > Assign
C. Reports Tab > Report Permissions > select report > Actions > Assign Groups > 
Select Network Management > Assign
D. Admin Tab > Report Permissions > select report > Actions > Assign Users > 
select Network Management > Assign

6. How Many dashboards come by default in IBM Security QRadar SIEM V7.2.8?
A. 1
B. 5
C. 7
D. 10

7. An Administrator working with IBM Security QRadar SIEM V7.2.8 has updated 
the date/time on the QRadar console system and wants to push these date/time 
settings to all hosts in the distributed environment. What command should be run?
A. /opt/qradar/bin/datesycn_all_servers.sh
B. /opt/qradar/support/all_servers.sh/opt/qradarr/bin/time_sync.sh
C. /opt/qradar/support/fullDeployment.sh/opt/qradar/bin/time_sync.sh
D. /opt/qradar/support/all_servers.sh/opt/qradar/bin/check_date_change.sh

8. What data is purged by the SIM reset process “Hard Clean” in 
IBM Security QRadar SIEM V7.2.8?
A. All current and historical SIM data
B. All historical SIM data, current SIM data is retained
C. All SIEM data; a complete reconfiguration is required
D. All source and destination IP addresses are purged, all offenses 
in the database are closed

9. An administrator is tasked with installing additional log sources into 
an IBM Security QRadar SIEM V7.2.8 deployment, bringing the total number of 
log sources to 900. The deployment is using the default license and the administrator is 
getting an error attempting to add these additional log sources. Why is this error happening?
A. The default license only allows 250 log sources
B. The default license only allows 500 log sources
C. The default license only allows 750 log sources
D. The default license only allows 800 log sources

10. Where are system notifications located in IBM Security QRadar SIEM V7.2.8?
A. Only in the Admin Tab > System Messages
B. Only on the banner above the QRadar navigation tab
C. On the banner above the QRadar navigation tabs or on the system Monitoring dashboard
D. On the banner above the QRadar navigation tabs or in the Admin Tab > System Messages

11. What are three protocols that collect flow data from network devices, such as routers, 
and send this data to IBM Security QRadar SIEM V7.2.8?
A. NetFlow, J-Flow and sFlow
B. Netflow, IPFIX and syslog
C. Netflow, rsyslog and sFlow
D. Netflow, Packeteer and syslog

12. An Administrator working with IBM Security QRadar SIEM V7.2.8 was tasked with adding 
a new Microsoft Azure log source. Which protocol is supported for this?
A. FTP
B. JDBC
C. Syslog
D. WinCollect

13. A retention policy allows an IBM Security QRadar SIEM V7.2.8 Administrator to define 
how long the system is required to keep certain types of data and what to do when 
data reaches a certain age. If a 3-month retention policy is defined for all events, 
then the system will not delete event data until its on-disk timestamp is 3 months in the past. 
Which two choices are available in the 'Delete data in this bucket' setting? (Choose two.)
A. When the index is full
B. Upon reboot of the system
C. When storage space is required
D. When performance is heavily affected
E. Immediately after retention period has expired

14. Where are the IBM Security QRadar SIEM V7.2.8 log files located?
A. /var/qradar.log
B. /var/log/qradar.log
C. /opt/qradar/log/qradar.log
D. /opt/qradar/support/qradar.log

15. Which appliance of the IBM Security QRadar SIEM V7.2.8 family is specifically used to 
gather events from local and remote log sources?
A. QRadar Event Console
B. QRadar QFlow Collector
C. QRadar Event Collector
D. QRadar Event Processor

16. An IBM Security QRadar SIEM V7.2.8 Administrator needs to retain authentication failure data 
for a specific domain for a longer period than the rest of the event data being collected. 
How is this task completed?
A. The administrator will need to create a custom rule with the appropriate filters and 
retention period.
B. The administrator will need to create a new Event Retention Bucket with 
the appropriate filters and retention period
C. The administrator will need to create a custom filter in the log activity tab with 
the appropriate parameters and retention period
D. The administrator will need to create a custom report with the appropriate parameters 
and use the report format TAR (tape archive)

17. An Administrator using IBM Security QRadar SIEM V7.2.8 is using the RegEx syntax below:
(\b\d{1,3}\.\d{1,3}\b) What type of information is it designed to extract?
A. An IP Address
B. GPS Coordinates
C. A Telephone Number
D. A simple integer no longer than 4 digits

18. During the IBM Security QRadar SIEM V7.2.8 installation, which two default user roles 
are defined? (Choose two)
A. All
B. Any
C. Admin
D. SuperUser
E. SuperAdmin

19. What is a difference between Flows and Event data collected by 
IBM Security QRadar SIEM V7.2.8?
A. Events are streamed each minute to the Event Processor. Flows are streamed immediately 
to the Flow Processor
B. Flow data is collected from different log sources. Event data is collected from internal 
or external network sources
C. An Event occurs at a specific time and is logged at that time. A Flow is a record of 
network activity that can last for seconds, minutes, hours, or days.
D. An Event can span time lasting seconds, minutes, hours depending on the duration of 
network session. A Flow happens at a single point in time and then is complete

20. Which permission can be assigned to a user from User Roles in the 
IBM Security QRadar SIEM V7.2.8 Console?
A. Admin
B. DSM Updates
C. Flow Activity
D. Configuration Management

21. The event pipeline that processes event data before it can be viewed and used on the 
IBM Security QRadar SIEM V7.2.8 console consists of many components. What is one such component?
A. Indexing Component
B. Flow Data Component
C. Magistrate Component
D. Event Data Component

22. An IBM Security QRadar SIEM V7.2.8 Administrator is assigned to a company that is 
looking to add QRadar to its current network. The company has requirements 
for 250,000 FPM, 15,000 EPS and FIPS. 
Which QRadar appliance solution will support these requirements?
A. QRadar 3128-C with Basic License
B. QRadar 2100-C with Basic License
C. QRadar 3128-C with Upgraded License
D. QRadar 2100-C with Upgrade License

23. An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on 
the console. Which command can the Administrator run to begin diagnosing this issue?
A. /etc/init.d/tomcat status
B. /etc/init.d/ariel_query_server status
C. /opt/qradar/init/apply_tunning status
D. /opt/qradar/init/ariel_query_server status

24. The event data collected by IBM Security QRadar SIEM V7.2.8 is 
being deleted after one month. The legal department requires that the data be kept 
for two months. What can the administrator do to accommodate this requirement?
A. Change the nightly backup Priority to "High"
B. Change the nightly backup to a monthly backup
C. Change the Default Event Retention Policy property field "Do not delete data in this bucket" to two months
D. Change the Default Event Retention Policy property field "Keep data placed in this bucket for" to two months

25. What is a precaution an Administrator should take before beginning an upgrade of 
IBM Security QRadar SIEM V7.2.8?
A. Close all open offenses
B. Purge old data and events
C. Check and close all open messages
D. Confirm that a backup of the data is complete