C1000-055 Exam Training Practice Tests (IBM QRadar SIEM V7.3.2 Deployment)]

Question 1

A deployment professional has to decide where data will be stored in a newly configured environment to submit a plan for storage and network connectivity bandwidth.
Which QRadar components within a deployment can store raw or normalized events locally? (Choose two)

A. Event Collector B. Data Node C. Flow Collector D. Data Diode E. Event Processor

Correct Answer: B,E

Explanation: Only visible for TrainingDump members. You can sign-up / login (it's free).

Question 2

A deployment professional is redesigning the existing deployment to add a event processor due to an increased event rate. The deployment professional observes the events per second (EPS) to be a collective 30,000 EPS from two event collectors (EC1 and EC2) and sometimes exceeds the EPS capacity. EC1 and EC2 are in same network segment.
Considering there are more licenses available than needed in the license pool, which processor should the deployment professional replace the event collector(s) with?

A. Replace EC1 with one QRadar Event Processor 1648 B. Replace EC1 and EC2 with one QRadar Event Processor 1605 C. Replace EC1 with one QRadar Event Processor 1605 D. Replace EC1 and EC2 with one QRadar Event Processor 1629

Correct Answer: D

Question 3

A deployment professional needs to include a network inspection device in a banking organization as per the new security guidelines. Real time threat investigation has to be done along with the post-incident analysis. A QRadar Incident Forensics has been included in the design for post-incident forensic analysis.
Which devices should be chosen for the realtime analysis?

A. Flow Collector (FC) and QRadar Network Insight (QNI) B. Network PCAP and Flow Processor (FP) C. Flow Collector (FC) and Flow Processor (FP) D. QRadar Network Insight (QNI) and Flow Processor (FP)

Correct Answer: B

Question 4

A deployment professional needs to add a new log source using Log File protocol. Which option is valid for retrieving files?

A. SNMP B. Syslog C. SFTP D. TFTP

Correct Answer: C

Question 5

The deployment professional needs to pull events from an HR system that are recorded in a database. Which protocol would be used to collect the data?

A. syslog B. JDBC C. HTTP D. OPSEC/LEA

Correct Answer: B

Question 6

A deployment professional wishes to implement a QRadar product which provides network topology, active attack paths and high-risk assets risk-score adjustment on assets based on policy compliance.
Which product would the deployment professional deploy to achieve this?

A. QRadar Vulnerability Scanner B. QRadar Incident Forensics C. QRadar Topology Scanner D. QRadar Risk Manager

Correct Answer: C

Question 7

A deployment professional is faced with the following system notification.
38750107 - The last attempt to read in rules (usually due to a rule change) has failed. Please see the message details and error log for information on how to resolve this.
What should the deployment professional do after trying to disable and enabling the rule?

A. Delete and recreate the rule. B. Before doing anything else, call customer support. C. Modify the rule. D. Create a new rule without deleting the old rule.

Correct Answer: B

IBM QRadar SIEM V7.3.2 Deployment - C1000-055 Exam Practice Test