An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to enable the PCI report template. What is the procedure to accomplish this task?
A. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> Select "Enable"
B. Report Tab -> Enable "Show all templates" -> Group List -> Compliance -> PCI
C. Reports Tab -> Clear "Hide Inactive Reports" box -> Group List -> Compliance -> PCI
D. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> uncheck "Hide Template"
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named User1 from a reference set with the name "Allowed Users" from the command line interface. Which command will accomplish this?
A. ./UtilReferenceSet.sh purge "Allowed Users" User1
B. ./ReferenceSetUtil.sh purge "Allowed Users" User1
C. ./ReferenceSetUtil.sh delete "Allowed\ Users" User1
D. ./UtilReferenceSet.sh delete "Allowed\ Users" User1
When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?
A. Event Manager
B. Event Indexing
C. Event Collector
D. Event Processor
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to assign a report to a group named Network Management. What is the process for this task to be completed?
A. Reports Tab -> Select report -> Actions -> Assign Groups -> Item Groups -> select Network Management -> Assign Groups
B. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Groups -> select Network Management -> Assign
C. Reports Tab -> Select report -> Actions -> Assign Users -> User Groups -> select Network Management -> Assign Users
D. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Users -> select Network Management -> Assign
Where are the logs for QFlow stored on IBM Security QRadar SIEM V7.2.8?
A. /var/log/qflow.debug
B. /opt/var/log/qflow.debug
C. /opt/log/qradar/qflow.debug
D. /opt/qradar/log/qflow.debug
Where are the IBM Security QRadar SIEM V7.2.8 log files located?
A. /var/qradar.log
B. /var/log/qradar.log
C. /opt/qradar/log/qradar.log
D. /opt/qradar/support/qradar.log
An Administrator is tasked with installing additional log sources into an IBM Security QRadar SIEM V7.2.8 deployment, bringing the total number of log sources to 900. The deployment is using the default license and the Administrator is getting an error attempting to add these additional log sources. Why is this error happening?
A. The default license only allows 250 log sources.
B. The default license only allows 500 log sources.
C. The default license only allows 750 log sources.
D. The default license only allows 800 log sources.
An IBM Security QRadar SIEM V7.2.8 Administrator notices a specific MAC address added to the Asset Reconciliation Domain MAC was blacklisted. What scenario is causing this to occur?
A. When a MAC address is associated to three or more different IP addresses in 2 hours or less.
B. When an IPv4 address is associated to three or more different MAC addresses in 2 hours or less.
C. When a MAC address is associated to three or more different IP addresses in 10 minutes or less.
D. When an IPv4 address is associated to three or more different MAC addresses in 10 minutes or less.
An Administrator working with IBM Security QRadar SIEM V7.2.8 only needs to remove a single host (10.1.95.142) from the reference set with the name "Asset Reconciliation IPv4 Whitelist" from the command line interface. Which command would accomplish this task?
A. ./RefereceSetUtil.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
B. ./RefereceSetUtil.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
C. ./RefereceSetData.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
D. ./RefereceSetData.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
An Administrator is adding a log source in IBM Security QRadar SIEM V7.2.8.
What required software application that supports the log source should be used for this procedure?
A. QRadar QFlow Collector
B. QRadar Event Collector
C. Device Support Module (DSM)
D. IBM X-Force Exchange plug-in for QRadar
What are the four categories of notifications found in IBM Security QRadar SIEM V7.2.8 system notifications?
A. Errors, Critical, Minor and Information
B. Errors, Warning, Information, and Health
C. Warning, Information, System and Critical
D. Errors, Warning, Information, and Performance
What key point should be understood about how flow information in IBM Security QRadar SIEM V7.2.8 is used?
A. Flow information generates the response that is configured in the custom rule.
B. Flow information is sent to QRadar QFlow Collector which normalizes raw log source events.
C. Flow information is actively gathered from the QRadar Event Collector and provides views, reports and alerts to the administrator.
D. Flow information is used to detect threats and other suspicious activity that might be missed if only event information were tracked.
An IBM Security QRadar SIEM V7.2.8 Administrator has been retaining event data for compliance purposes. Data is no longer necessary and the administrator needs to delete a specific retention bucket. Where does the Administrator do this configuration?
A. Administrator needs to reset the SIM and purge the file system
B. Admin tab -> Data Sources -> Flow retention icon -> Select the flow retention bucket -> Delete
C. Admin tab -> Data Sources -> Event retention icon -> Select the event retention bucket -> Delete
D. Admin tab -> Data Sources -> Event or Flow retention -> Double-click the first empty row in the table -> Delete
An Administrator working with IBM Security QRadar SIEM V7.2.8 wants to view the general statistics of all hosts in the Distributed Environment. Where can the Administrator find this information?
A. Admin tab -> System Status -> System Health
B. Admin tab -> General Settings -> System Health
C. Admin tab -> System Configuration -> System Health
D. Admin tab -> System Configuration -> System Statistics
An IBM Security QRadar SIEM V7.2.8 Administrator wants to change the reference set type. What step(s) need to be taken to accomplish this?
A. Use the CLI with the ReferenceSetUtil.sh script
B. Recreate the reference set with the new data type
C. Admin tab -> System Configuration -> Reference: Set Management -> Edit
D. Admin tab -> System Configuration -> Reference: Set Type Management -> Edit