IBM Security QRadar SIEM V7.5 Deployment (C1000-163) Free Practice Test

Question 1

Under ATT&CK Actions, which option can be used to show an overview of the tactics covered in QRadar Use Case Manager?

A. Heat map calculations

B. Coverage summary and trend

C. ATT&CK analyze and report

D. Detected in timeframe

Correct Answer: B

Question 2

The Server Discovery process updates building blocks based on which of these?

A. Port-based filtering

B. Malware detection

C. CMDB integration

D. MAC address filtering

Correct Answer: C

Question 3

Where do you select a custom property in an event?

A. Use Case Manager app

B. Log source test output

C. Event payload

D. Event protocol

Correct Answer: C

Question 4

What is the default data retention period for a retention bucket?

A. 1 month

B. 14 days

C. 1 year

D. 7 days

Correct Answer: A

Question 5

Which type of information is considered as identity data for QRadar Assets?

A. MAC Address

B. Destination Port

C. Rule Name

D. Source Port

Correct Answer: A

Question 6

An authentication token is generated on the QRadar Console for WinCollect agent installation.
What kind of WinCollect agent needs an authentication token?

A. Dependent WinCollect agent

B. Stand-alone WinCollect agent

C. Independent WinCollect agent

D. Managed WinCollect agent

Correct Answer: D

Question 7

Consider this scenario and instruction.
Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the "and when the source IP is one of the following" test to include the IP addresses of the following scanners.
- VA Scanners
- Authorized Scanners
What type of editable building block is described?

A. BB:NetworkDefinition: Server Networks

B. BB:HostDefinition: VA Scanner Source IP

C. BB:HostDefinition: Authorized ScannersSource IP

D. BB:HostDefinition: Proxy Servers

Correct Answer: A

Question 8

When you install QRadar, the default license key is temporary and gives you access to the system for __________days from the installation date.

A. 50

B. 35

C. 60

D. 45

Correct Answer: B

Question 9

Which app pulls feeds by using the open standard STIX and TAXII formats?

A. QRadar Threat Intelligence

B. QRadar Network Threat Analytics

C. QRadar User Behavior Analytics

D. QRadar Use Case Manager

Correct Answer: A

Question 10

Which tool allows you to troubleshoot accumulator issues?

A. threadTop.sh

B. scrub.pl

C. collectGvStats.sh

D. validate_ecs_service.sh

Correct Answer: C

Welcome to TestSimulate

IBM Security QRadar SIEM V7.5 Deployment (C1000-163) Free Practice Test