Question 6 of 60

A customer has existing complex network infrastructure with many redundant links and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure SFlow.

What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?

Answer

Suggested Answer

The suggested answer is C.

In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing.
However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration.
The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows.
The No option prevents the QRadar QFlow Collector from recombining asymmetric flows.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html
Question 7 of 60

In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management Views was increased.

How many additional views were added?

Answer

Suggested Answer

The suggested answer is D.

The limit of 130 aggregated views has been reached in QRadar 7.2.6 and earlier. The number of aggregated data views was increased in QRadar 7.2.7 to 300 aggregated data views.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21690762
Question 8 of 60

Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only.

How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?

Answer

Suggested Answer

The suggested answer is C.

Multitenant environments allow Managed Security Service Providers (MSSPs) and multi-divisional organizations to provide security services to multiple client organizations from a single, shared IBM Security QRadar deployment. You don't have to deploy a unique QRadar instance for each customer.
In a multitenant deployment, you ensure that customers see only their data by creating domains that are based on their QRadar input sources. Then, use security profiles and user roles to manage privileges for large groups of users within the domain. Security profiles and user roles ensure that users have access to only the information that they are authorized to see.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_tenant_mgmt_overview.html
Question 9 of 60

A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. The DSM Guide recommends that the log source level be configured at the notice level, but the client has a policy to log all events at the debug level. The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored. What should be created to meet this client's goal?

Answer

Suggested Answer

The suggested answer is D.

Parsing Enhancement - When the DSM is unable to parse correctly and the event is categorized as stored, the selected log source extension extends the failing parsing by creating a new event as if the new event came from the DSM.
References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6
Question 10 of 60

You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that is generated daily at midnight from a custom application on a Microsoft Windows Server.

Which log source protocol should be used to accomplish this task?

Answer

Suggested Answer

The suggested answer is B.

A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The Windows host can gather information from itself (the local host), from remote Windows hosts, or from both.
Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincollect_overview_new.html