QRadar SIEM V7.5 Administration v1.0

Exam contains 109 questions

How can an administrator configure a rule response to add event data to a reference set?

  • A. Use the “add to reference set” rule response.
  • B. Use the “add the following data to a reference set” rule test.
  • C. Use AQL functions.
  • D. Write a custom script.


Answer : A

An administrator opens the Offenses section and goes to Rules to edit the system notification rule.
What is the rule name for system notifications?

  • A. System: Notification
  • B. System: Hardware and Software monitoring
  • C. System: Hardware Notifications
  • D. System: Software Notifications


Answer : A

Domain assignments take precedence over the settings of which other elements from a security profile?

  • A. Permission Precedence, and Log Sources tabs
  • B. Permission Precedence, Networks, and Log Sources tabs
  • C. Security profiles, Networks, and Log Sources tabs
  • D. Security profiles, Networks, and Domains


Answer : B

Which two pieces of information from the MaxMind account must be included in QRadar for geographic data updates? (Choose two.)

  • A. API password
  • B. Account/User ID
  • C. MaxMind username
  • D. License Key
  • E. API key


Answer : BD

Before configuring a WinCollect log source, which two ports does a QRadar administrator ensure are open?

  • A. 514 and 8413
  • B. 445 and 8413
  • C. 443 and 8413
  • D. 8080 and 8413


Answer : A

Which two data sources can be assigned to a domain in the Domain Management function? (Choose two.)

  • A. Flow collectors
  • B. Rules
  • C. X-Force Integration Feed
  • D. Log sources
  • E. Users


Answer : AD

In which QRadar section can the administrator view the license giveback rate?

  • A. Log Activity tab by searching for the term “giveback” in the Quick Filter
  • B. Admin tab > system settings
  • C. Admin tab > License pool management
  • D. Log Activity tab > AQL query in the Advanced Search "select LicenseGiveback from license"


Answer : C

When using the DSM Editor, which option do you select to separate individual events based on another character, or sequence of characters, so that the event is kept intact as a single multi-line event?

  • A. Override event ender
  • B. Override event delimiter
  • C. Override event start
  • D. Override end delimiter


Answer : B

What is the default day and time setting for when QRadar generates weekly reports?

  • A. Sunday 01:00 AM
  • B. Sunday 02:00 AM
  • C. Monday 01:00 AM
  • D. Monday 02:00 AM


Answer : C

Which command can a QRadar administrator use to connect to the QRadar app container?

  • A. app connect <app id>
  • B. recon ps <app id>
  • C. recon connect <app id>
  • D. yum info <app id>


Answer : C

You are using the command line interface (CLI) and need to fix a storage issue.
What command do you use to verify disk usage levels?

  • A. ls -laF
  • B. lsof -h
  • C. du -h
  • D. df -h


Answer : D

Which two open standards does the QRadar Threat Intelligence app use for feeds? (Choose two.)

  • A. TAXII
  • B. OSINT
  • C. JSON
  • D. AQL
  • E. STIX


Answer : AE

What are the most restrictive permissions a user needs in order to see all of the events from a particular log source in the Log Activity tab?

  • A. The user needs access to the Networks AND Log Sources to see a particular log in the activity tab.
  • B. The user's security profile must include that log source, and the profile needs permission to Networks AND Log Sources.
  • C. The log source must be included in the user’s security profile and the profile needs its precedence set to Log Sources Only.
  • D. A user needs access to Flow Sources Only.


Answer : C

How can you configure a log source to provide events to different domains?

  • A. Use the Assistant app to update the domain information for the log source.
  • B. Use custom properties to assign events from a single log source to different domains.
  • C. Use the Use Case Manager app to update building blocks to support multidomain events.
  • D. Create a saved search on the Network Activity tab to view events in specific domains.


Answer : B

A QRadar administrator creates a new saved search in QRadar.
Which option does the administrator enable to allow this search to be opened as the Log Activity tab is opened?

  • A. Set as Default
  • B. Share with Everyone
  • C. Include in my Dashboard
  • D. Include in my Quick Searches


Answer : A
