Free C1000-140 Sample Questions — IBM Security QRadar SIEM V7.4.3 Deployment

Free C1000-140 sample questions for the IBM Security QRadar SIEM V7.4.3 Deployment exam. No account required: study at your own pace.

Question 1

For tenant data retention, what is the maximum number of buckets for shared data that can be created per tenant?

  • A. 2
  • B. 10
  • C. No limit
  • D. 20
Correct Answer:
B. 10

Question 2

Consider this scenario and instruction: Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the “and when the source IP is one of the following” test to include the IP addresses of the following scanners: VA Scanners, Authorized Scanners. What type of editable building block is described?

  • A. BB:HostDefinition: Authorized Scanners Source IP
  • B. BB:HostDefinition: VA Scanner Source IP
  • C. BB:NetworkDefinition: Server Networks
  • D. BB:HostDefinition: Proxy Servers
Correct Answer:
B. BB:HostDefinition: VA Scanner Source IP

Question 3

Which two of these authentication types are valid for RADIUS authentication? (Choose two.)

  • A. MSCHAP
  • B. ASCII
  • C. TCP
  • D. PAP
  • E. XML
Correct Answer:
  • A. MSCHAP
  • D. PAP

Question 4

While a search runs on the Network Activity tab, the direction of a set of flows is seen as R2R. The source IP of this set of flows is an internal email server. What does this situation suggest about the QRadar configuration?

  • A. QRadar might be having performance issues
  • B. The email server is offline or down
  • C. The email server is not included in the network hierarchy
  • D. The flow pipeline is choked because of high incoming flows
Correct Answer:
C. The email server is not included in the network hierarchy

Question 5

A QRadar deployment professional needs to transfer the configuration of a distributed environment (one Console and one EP, not using HA) onto an All-in-One (AIO) system to run some forensics against data that will be added later. What approach should the deployment professional suggest for building the new AIO?

  • A. Use rsync to transfer the contents of the /store partition to the new system
  • B. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI
  • C. Because the destination environment does not have the same number of appliances, the only option is to use the content management tool (CMT) to transfer the security configuration
  • D. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed only by use of back-end PSQL commands
Correct Answer:
B. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI

Question 6

Which of these items is updated when vulnerability scan results from third-party vulnerability scanners are imported into QRadar?

  • A. Assets
  • B. Flow sources
  • C. Event sources
  • D. Vulnerability scanner sources
Correct Answer:
A. Assets

Question 7

What can content management scripts be used to accomplish?

  • A. Update QRadar
  • B. Export content from a QRadar deployment
  • C. Debug the default configuration in QRadar
  • D. Extract the list of offenses in QRadar
Correct Answer:
B. Export content from a QRadar deployment

Question 8

A QRadar deployment professional needs to add a managed host to help reduce the load on the QRadar Console. The managed host should have local storage and also use the QRadar Custom Rule Engine. Which managed host does the deployment professional add?

  • A. Event Collector
  • B. App Host
  • C. Disconnected Log Collector
  • D. Event Processor
Correct Answer:
D. Event Processor

Question 9

Which log source should be used to filter QRadar audit events?

  • A. Health Metrics-2
  • B. SIM Audit-2
  • C. Audit-log
  • D. SIM-Audit-log
Correct Answer:
B. SIM Audit-2

Question 10

Before the creation of a new application instance with QRadar Assistant, with what entity must every application be associated?

  • A. An authorization token
  • B. User role
  • C. Security profile
  • D. Tenant
Correct Answer:
A. An authorization token
