IBM Security QRadar SIEM V7.3.2 Fundamental Administration Exam
Question No : 1
An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.
What should the administrator do to complete the HA configuration?
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1/com.ibm.qradar.doc/b_qradar_ha_guide.pdf
Question No : 2
A QRadar user reported the following notification:
38750099 - The accumulator was unable to aggregate all events/flows for this interval
When does this message appear?
Question No : 3
Which of the following dashboards is a QRadar default Dashboard?
Question No : 4
What is a reason for restarting hostcontext service in QRadar?
Question No : 5
A company has two different domains in their IBM QRadar system: Domain_A and Domain_B. An administrator has been tasked to create a rule to look only at events that are tagged with Domain_A and ignore rules that are tagged with the other domains.
What domain text should the administrator use to create this rule?
Question No : 6
An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching “policy ID” of the IDS.
Which type of property must the administrator create?
Question No : 7
Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?
Question No : 8
An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts.
Which command can the administrator use to accomplish this?
Question No : 9
yum update XX_patchupdate.sfs
D. 1. patch XX_patchupdate.sfs
Question No : 10
How many default dashboards does QRadar have?
Question No : 11
An administrator has added a new Event Processor to a QRadar deployment.
How many events per second (EPS) are granted from the temporary license and how many days will those EPS last?
Question No : 12
Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?
Question No : 13
Due to regulatory constraints, an administrator must increase the minimum password length and complexity.
In which QRadar section can the administrator change this setting?
Question No : 14
What is the correct supernet for these subnets?
Question No : 15
An administrator plans to deploy multiple log sources that share a common configuration.
How many log sources can be added at one time?