C1000-163問題集、IBM実際の試験問題

質問 1

Consider this scenario and instruction.
Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the "and when the source IP is one of the following" test to include the IP addresses of the following scanners.
- VA Scanners
- Authorized Scanners
What type of editable building block is described?

A. BB:HostDefinition: Authorized ScannersSource IP

B. BB:HostDefinition: VA Scanner Source IP

C. BB:HostDefinition: Proxy Servers

D. BB:NetworkDefinition: Server Networks

正解: D

質問 2

Which utility is used for checking the integrity of event and flow logs?

A. check_database_integrity.sh

B. check_data_integrity.sh

C. check_postgre_integrity.sh

D. check_ariel_integrity.sh

正解: D

質問 3

After working on a QRadar Support case, a set of logs is needed for further review.
Where is the script to gather those logs in case you have no UI access?

A. /opt/qradar/get_logs.sh

B. /bin/qradar/get_logs.sh

C. /bin/qradar/support/get_logs.sh

D. /opt/qradar/support/get_logs.sh

正解: D

質問 4

Which two types of default building blocks do you need to edit to reduce the number of offenses that are generated by high volume traffic servers?

A. Network Definition

B. Traffic Definition

C. Server Definition

D. Event Definition

E. Host Definition

正解: A,E

質問 5

What is the directory where a backup archive file needs to be placed so that QRadar can automatically import it?

A. /storetmp/backups

B. /storetmp/imports/backups

C. /store/imports/inbound

D. /store/backupHost/inbound

正解: D

質問 6

An analyst views a dashboard in Pulse, which is not working as expected.
Which aggregation type should be selected to ensure the correct configuration for a Pie Chart?

A. Last

B. First

C. Total

D. Middle

正解: B

質問 7

Which two options does a QRadar analyst need to configure in the False Positive window of the QRadar Console to mark an event or flow as False Positive?

A. Asset and traffic direction

B. Event or flow property and username

C. Event or flow property and traffic direction

D. Event or flow property and port number

正解: C

質問 8

Where are audit logs located?

A. /opt/audit/logs

B. /var/log/audit

C. /opt/var/log/audit

D. /var/audit

正解: B

質問 9

Which data is processed by the IBM Security QRadar Network Threat Analytics app?

A. Event data

B. Asset data

C. Flow data

D. User data

正解: C

質問 10

What is the minimum bandwidth required between the primary and the secondary nodes of a HA cluster?

A. 1 Mbps

B. 10 Gbps

C. 100 Mbps

D. 1 Gbps

正解: D

質問 11

What is an approach to tuning a "noisy" rule, that is, a rule that generates too many offenses?

A. Confirm that the rule is enabled.

B. In the offense output, scroll down and review the "Excessive" flags.

C. Use the QRadar Pulse app to map noisy offense output.

D. Determine whether the rule matches too many conditions in the traffic.

正解: D

質問 12

At the Offense Summary window, the first row of data shows the level of importance that QRadar assigned to the offense.
Which statement is the correct description for Magnitude?

A. QRadar determines it by the weight that the administrator assigned to the networks and assets.

B. It indicates the threat that an attack poses in relation to how prepared the destination is for the attack.

C. It indicates the relative importance of the offense, calculated based on the relevance, severity, and credibility ratings.

D. It indicates the integrity of the offense as determined by the credibility rating that is configured in the log source. It increases as multiple sources report the same event.

正解: C

質問 13

Which port is used for bidirectional traffic between WinCollect agent and QRadar Console?

A. 8413

B. 8082

C. 8080

D. 8844

正解: A

質問 14

All appliances must be on the same version and patch level prior to an upgrade.
How are the patch levels verified for all systems in a deployment?

A. Run /opt/qradar/support/all_servers.sh -C -k /opt/qradar/bin/myver -v

B. Run /opt/qradar/bin/applianceVer -v

C. Run qradarver -v

D. Under the Dashboard tab > System Monitoring > System Summary item

正解: A

質問 15

Which script can detemine which QRadar process is consuming the most resources?

A. /opt/qradar/support/threadTop.sh

B. /opt/qradar/conf/threadTop.sh

C. /opt/qradar/bin/threadTop.sh

D. /opt/ibm/si/diagnostiq

正解: A

IBM Security QRadar SIEM V7.5 Deployment - C1000-163 模擬練習