CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. IBM
  5. C1000-055

Free C1000-055 Exam Braindumps (page: 3)

Page 2 of 16
PDF with 60 Questions

A deployment professional needs to configure the IBM QRadar systems so that data is forwarded to one or more vendor systems, such as ticketing or alerting systems.
Which event format options can the deployment professional use for forwarding destination configuration?

  1. payioad, normalized and json
  2. leef, json and cef
  3. normalized, json and cef
  4. json, cef and payload

Answer(s): C



Some customers do not fully understand the benefits of using dedicated appliances to collect events and flows, complaining about the complexity of the deployments.
How should the deployment professional clarify any doubts that may arise?

  1. Using All-in-One appliances are a good choice for environments greater than 100.000 EPS.
  2. Event Processor collect events from various log sources and continuously forwards these events to an Event Collector.
  3. Dedicated event collectors when deployed in VMs include an on-board event processor that can be directly attached to an All-in-One Virtual console type 3199.
  4. The operation of the QRadar security intelligence platform consists of three layers, and applies to any QRadar deployment structure, regardless of its size and complexity.

Answer(s): A



A deployment professional sees that there are occasional spikes in the EPS (Events per second). The host has 1000 EPS allocated but the occasional spikes go up to 1185 EPS.
What happens with the events when they go over the allocated amount?

  1. Events are shown normally, but no offenses are generated.
  2. Events are moved to a temporary queue.
  3. Events are shown normally, QRadar has 20% buffer.
  4. Events are dropped.

Answer(s): B



High availability (HA) has been configured for an event processor in a deployment. The end user gets the notification "Disk Usage Exceeded max Threshold" for the /store partition on primary host. The retention settings are "Delete data in this bucket: immediately after the retention period has expired".

What will be the behavior of the primary at this stage?

  1. Primary will stop HA disk replication and failover to Secondary
  2. Primary will keep running HA disk replication and failover to Secondary
  3. Primary will stop HA disk replication and No failover to Secondary
  4. Primary will keep running HA disk replication and No failover to Secondary

Answer(s): A






Post your Comments and Discuss IBM C1000-055 exam with other Community members:

C1000-055 Discussions & Posts