Free C1000-156 Exam Braindumps (page: 5)


What is the default day and time setting for when QRadar generates weekly reports?

  A. Sunday 01:00 AM
  B. Monday 02:00 AM
  C. Sunday 02:00 AM
  D. Monday 01:00 AM

Answer(s): A

Explanation:

In IBM QRadar SIEM V7.5, the default setting for generating weekly reports is configured to occur on:

Day: Sunday

Time: 01:00 AM

This setting ensures that the reports are generated during a typical low-activity period, minimizing the impact on system performance and ensuring that the latest data from the previous week is included.

Reference
The default configuration for report generation times is specified in the IBM QRadar SIEM V7.5 administration and user documentation.



When creating an identity exclusion search, what time range do you select?

  A. Previous 7 days
  B. Real time (streaming)
  C. Previous 30 days
  D. Previous 5 minutes

Answer(s): B

Explanation:

When creating an identity exclusion search in IBM QRadar SIEM V7.5, the time range selected is "Real time (streaming)." This setting ensures that the search continuously monitors and excludes identities in real time as data is ingested. Here's the process:

Real-time Monitoring: Continuously updates the search results based on incoming data, providing immediate exclusion of specified identities.

Streaming Data: Processes data in a live stream, ensuring that the exclusion criteria are applied instantaneously as new events occur.

Reference
The setup and configuration of identity exclusion searches are detailed in the QRadar SIEM administration guides, highlighting the importance of real-time streaming for effective identity management.



A QRadar administrator needs to quickly check the disk space for all managed hosts.
Which command does the administrator use?

  A. /opt/qradar/support/all_servers.sh 'ls -ltrsh'
  B. /opt/qradar/support/all_servers.sh 'rm -rf /store'
  C. /opt/qradar/support/all_servers.sh -C -k 'df -Th'
  D. /opt/qradar/support/all_servers.sh -C -K 'watch ls'

Answer(s): C

Explanation:

To quickly check the disk space for all managed hosts in IBM QRadar SIEM V7.5, the administrator uses the following command:

Command: /opt/qradar/support/all_servers.sh -C -k 'df -Th'

Function: This command checks the disk space across all managed hosts, providing detailed information about the filesystem types and disk usage.

Parameters:

-C: Executes the command on all managed hosts.

-k: Keeps the output in a human-readable format.

'df -Th': The specific command to display the disk space usage in a tabular format with human-readable file sizes.

Reference
The IBM QRadar SIEM documentation provides a comprehensive list of commands for system administration, including those for checking disk space on managed hosts.



Which two (2) open standards does the QRadar Threat Intelligence app use for feeds?

  A. TAXII
  B. AQL
  C. STIX
  D. JSON
  E. OSINT

Answer(s): A,C

Explanation:

The QRadar Threat Intelligence app uses open standards to integrate and utilize threat intelligence feeds effectively. The two key standards used are:

TAXII (Trusted Automated eXchange of Indicator Information): This is an application layer protocol used for exchanging cyber threat intelligence over HTTPS. It enables the sharing of threat information across different systems and organizations.

STIX (Structured Threat Information eXpression): This is a standardized language used for representing structured cyber threat information. STIX enables the consistent and machine-readable representation of threat data, facilitating the integration and analysis of threat intelligence.

These standards ensure that threat intelligence data is formatted and exchanged in a consistent and interoperable manner, enhancing the overall effectiveness of the threat intelligence processes in QRadar.

Reference
The IBM QRadar SIEM documentation and threat intelligence app configuration guides describe the use of TAXII and STIX for integrating threat intelligence feeds.


