IBM C1000-156 - QRadar SIEM V7.5 Administration Exam
Total 109 questions
Question #1 (Topic: Exam A)
You want to use a quick filter search to look for certain elements:
10.100.100.*
BlueCoat
TCP_REFRESH_MIS
Which string provides the correct results?
A. (10.100.100.* Bluecoat TCP_REFRESH_MIS)
B. 10.100.100.*%Bluecoat%TCP_REFRESH_MIS
C. (10.100.100.* AND Bluecoat AND TCP_REFRESH_MIS)
D. "10.100.100.*%AND%Bluecoat%AND%TCP_REFRESH_MIS"
Answer: C
Question #2 (Topic: Exam A)
A QRadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period.
Which method can be used to accomplish this goal?
A. Using the "response limiter"
B. Using a special rule test that limits the number of rule triggers
C. Tuning the rule conditions to make it trigger fewer times
D. Using the "execute custom action" rule response
Answer: A
Question #3 (Topic: Exam A)
Which command does an administrator run in QRadar to get a list of installed applications and their App-ID values output to the screen?
A. /opt/qradar/support/recon connect 1005
B. opt/qradar/support/deployment_info.sh
C. /opt/qradar/support/recon ps
D. /opt/qradar/support/threadTop.sh
Answer: B
Question #4 (Topic: Exam A)
When will events or flows stop contributing to an offense?
A. When the offense becomes inactive
B. After the offense is assigned to an analyst
C. When the offense becomes dormant
D. When you protect the offense
Answer: A
Question #5 (Topic: Exam A)
How many vulnerability processors can you have in your deployment?
A. 1
B. 10
C. 3
D. 5
Answer: A