During restoration of a configuration backup on the system in the Restore a Backup window, which is a parameter or item a QRadar specialist can select to be restored?
- A . Generated report content
- B . QVM Scan profiles and results
- C . Application data
- D . Event data
Which statement is valid about the SAML authentication feature?
- A . Users enter local credentials every time they access QRadar.
- B . You cannot use the x509 certificate, only the provided QRadar_SAML certificate.
- C . You can integrate QRadar with your corporate identity server to provide single sign-on.
- D . Authentication is exchanged by using digitally signed HTML documents.
A QRadar deployment uses multiple domains to provide data separation between different departments in the organization.
When the tenants and users are configured, which constraints are enforced?
- A . A tenant can contain multiple domains; each domain may be in multiple tenants.
- B . A tenant can contain only one domain; each tenant can only have a single user.
- C . A tenant can contain multiple domains; each domain may only be in a single tenant.
- D . A tenant can contain only one domain; each tenant can have multiple users.
A company plans to collect event data from two remote sites that have slow WAN links. These remote sites do not generate many events per second. The company’s deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations.
What type of appliance can be used to meet this requirement?
- A . Packet Capture appliance
- B . Data Gateway
- C . Flow Collector
- D . Disconnected Log Collector
For the management of applications with Qradar Assistant, which of these is not an option?
- A . Pause All Instances
- B . Create New Instance
- C . Start All Instances
- D . Delete All Instances
Which two of these authentication types are valid for RADIUS authentication? (Choose two.)
- A . MSCHAP
- B . ASCII
- C . TCP
- D . PAP
- E . XML
A QRadar deployment professional wants to integrate a dynamic data set like asset information so that QRadar can use the latest information in the new data set to correlate the rules and alerts.
How can the deployment professional achieve this?
- A . Use the QRadar Search to search each item in the list of imported data set.
- B . Import the dynamic data in the reference set and use these reference sets in rules and building blocks.
- C . Use the Threat Intelligence app.
- D . Use the UCM app.
During an App Host migration, a deployment professional needs to ensure that all the apps are stopped.
Which task will stop the apps from running?
- A . Use the QRadar API
- B . Use the Log Activity tab
- C . Reinstall the apps
- D . Go to each app’s configuration
What is an approach to tuning a “noisy” rule, that is, a rule that generates too many offenses?
- A . Determine whether the rule matches too many conditions in the traffic.
- B . In the offense output, scroll down and review the “Excessive” flags.
- C . Confirm that the rule is enabled.
- D . Use the QRadar Pulse app to map noisy offense output.
Which QRadar log file contains information about the rates of EPS?
- A . /var/log/eps.log
- B . /var/qradar.log
- C . /var/log/qradar.log
- D . /var/log/qradar.old
Which of these statements is true about network objects?
- A . A network object can have multiple CIDR ranges assigned to it.
- B . A network object must have at least one CIDR range per QRadar domain.
- C . A network object represents a single asset that is connected to a network.
- D . A network object is a group of assets that are connected to a network.
A QRadar deployment professional needs to add a managed host to help reduce the load on the QRadar Console.
The managed host should have local storage and also use the QRadar Custom Rule Engine.
Which managed host does the deployment professional add?
- A . Event Collector
- B . App Host
- C . Disconnected Log Collector
- D . Event Processor
Which statement about the Extensions Management tool in QRadar is true?
- A . The Extensions Management tool can be used to add a log source.
- B . The Extensions Management tool cannot be used to export content out of QRadar.
- C . QRadar can be updated by using the Extensions Management tool.
- D . CSV extensions can be imported into QRadar.
An authentication token is generated on the QRadar Console for WinCollect agent installation.
What kind of WinCollect agent needs an authentication token?
- A . Managed WinCollect agent
- B . Stand-alone WinCollect agent
- C . Independent WinCollect agent
- D . Dependent WinCollect agent
Which type of network hierarchy can be configured in QRadar?
- A . Any range of IP addresses
- B . IPv6 only
- C . IPv4 only
- D . /24 range of IP addresses
What does QRadar attempt to do when the system generates “Accumulator is falling behind” warnings?
- A . QRadar tries to aggregate the events and flows during the next 60 seconds.
- B . QRadar automatically drops the incoming events and flows during that time period.
- C . The events that QRadar processes during that period are categorized as stored.
- D . Time-series graphs and reports omit columns for the period when the problem occurred.
Which log source should be used to filter QRadar audit events?
- A . Health Metrics-2
- B . SIM Audit-2
- C . Audit-log
- D . SIM-Audit-log
For tenant data retention, what is the maximum number of buckets for shared data that can be created per tenant?
- A . 2
- B . 10
- C . No limit
- D . 20
Which of these views is provided by the DSM Editor?
- A . Event Mappings tab, Flow tab, Protocols
- B . Workspace, Event Mappings tab, Configuration tab
- C . Dashboard, Event properties, Configuration tab
- D . Workspace, Flow tab, Event properties
A QRadar deployment professional is asked to migrate the configuration of a system from Log Manager to QRadar SIEM.
How should the custom rules, saved searches, and reports be migrated?
- A . Use the QRadar config backup and restore process to transfer all configurations.
- B . Use the content management tool (CMT) to transfer the security configuration.
- C . The only option is to use the GUI to manually recreate any required content.
- D . Use rsync to transfer the contents of the /store partition to the new system.