IBM C1000-140 Certification Practice Questions & Answers

Question 6 of 62

What approach does QRadar take when it imposes EPS license (not hardware) limits on events that temporarily spike above that limit?

A.

Excessive events in a spike cause a System Notification that advises the customer to increase their EPS license allocation.

B.

QRadar EPS license allocation is implemented with a hard cutoff to ensure resources are not saturated.

C.

During the spike, excess events are written to a queue, and they are processed after the EPS rate drops.

D.

QRadar EPS licensing is measured as an average over a 24-hour period, which allows spikes to be handled gracefully.

Question 7 of 62

What is an approach to tuning a “noisy” rule, that is, a rule that generates too many offenses?

A.

Determine whether the rule matches too many conditions in the traffic.

B.

In the offense output, scroll down and review the “Excessive” flags.

C.

Confirm that the rule is enabled.

D.

Use the QRadar Pulse app to map noisy offense output.

Question 8 of 62

Which of these statements is true about network objects?

A.

A network object can have multiple CIDR ranges assigned to it.

B.

A network object must have at least one CIDR range per QRadar domain.

C.

A network object represents a single asset that is connected to a network.

D.

A network object is a group of assets that are connected to a network.

Question 9 of 62

A QRadar deployment professional designs a multi-tenant environment where each tenant is permitted a quantity of events per second (EPS).

In a discussion with the service provider (who provides the security monitoring services to each tenant), how should the deployment professional describe the licensing options available?

A.

Per-tenant EPS limits can be set, but any events over the EPS will be dropped from the pipeline; over-license buffering will not be used to handle EPS spikes.

B.

Per-tenant EPS limits can be set if the tenants are defined by event collectors. Then over-license buffering can be used to handle EPS spikes.

C.

If each domain and tenant is defined by log source groups, the EPS limit can be shared by the log source groups used for each tenant. Over-license buffering is defined at the event collector.

D.

The domain sets EPS limits, so each tenant needs to have only one domain. This way, over-license buffering can be used to handle EPS spikes.

Question 10 of 62

What is the directory where a backup archive file needs to be placed so that QRadar can automatically import it?

A.

/store/imports/inbound

B.

/store/backupHost/inbound

C.

/storetmp/backups

D.

/storetmp/imports/backups