IBM C1000-156 - QRadar SIEM V7.5 Administration Exam
Total 109 questions
Question #6 (Topic: Exam A)
An administrator receives a file with all the vital assets in the company and wants to import this file into QRadar.
How must this import file be formatted?
A. JSON file in the format: IP address, Name, Weight, Domain
B. XML file in the format: IP address, Name, Weight, Domain
C. CSV file in the format: IP address, Name, Weight, Description
D. XLS file in the format: IP address, Name, Weight, Description
Answer: C
Question #7 (Topic: Exam A)
An administrator wants to export a list of events to a CSV file.
Which items are in the default columns of the search result?
A. Protocol, Storage Time, Destination Port, Source Port
B. Log Source, Event Count, High Level Category, Related Offense
C. Event Name, Application, Username, Log Source
D. Username, Source Port, Event Count, Magnitude
Answer: C
Question #8 (Topic: Exam A)
An administrator would like to optimize event and flow payload searches for log data that is stored for up to a month.
What does an administrator need to do to achieve that requirement?
A. Configure the retention period for search indexes.
B. Configure the retention period for property indexes.
C. Perform a clean on the search model.
D. Configure the retention period for payload indexes.
Answer: D
Question #9 (Topic: Exam A)
To detect outliers, which Anomaly Detection Engine rule tests events or flows for volume changes that occur in regular patterns?
A. Threshold rules
B. Anomaly rules
C. Building block rules
D. Behavioral rules
Answer: D
Question #10 (Topic: Exam A)
Which authentication type in QRadar encrypts the username and password and forwards the username and password to the external server for authentication?
A. RADIUS authentication
B. Two-factor authentication
C. TACACS authentication
D. System authentication
Answer: C