IBM 000-196 IBM Security QRadar SIEM V7.1 Implementation http://killexams.com/exam-detail/000-196
QUESTION: 52
Vulnerability assessment functionality uses vulnerability scan data to build and populate asset profiles. What other information is added by vulnerability assessments?
A. Flows associated with the asset
B. Events associated with the asset
C. Offenses associated with the asset
D. OSVDB data associated with the asset
Answer: D

QUESTION: 53
Where in the Admin tab are hashing algorithms turned on for events and flows?
A. Log Sources
B. Flow Sources
C. System settings
D. Console settings

QUESTION: 54
Which two network settings are optional in IBM Security QRadar SIEM V7.1? (Choose two.)
A. Public IP
B. Hostname
C. IP Address
D. Primary DNS
E. Secondary DNS
Answer: A, E

QUESTION: 55
When using the option Add Group in the Network Hierarchy editor, subgroups can be created using which character?
A. : (colon)
B. . (period)
C. , (comma)
D. ; (semi-colon)
Answer: B

QUESTION: 56
The auto update frequency can be set to occur on which two intervals? (Choose two.)
A. Daily
B. Hourly
C. Weekly
D. Bi-weekly
E. Bi-monthly
Answer: A, C

QUESTION: 57
What is the correct location for configuring backups?
A. The Webmin interface
B. The Admin page, click on Event Retention
C. The Admin page, click on Backup and Recovery
D. /opt/qradar/conf/backup-config/data_backup-config.xml

QUESTION: 58
Which appliance type is ideal for deployments in smaller enterprises or departments and cannot be expanded to a distributed model?
A. 3124
B. 3105
C. 2100
D. 1790

QUESTION: 59
Which rule will correctly deny all connections from host 192.168.110.23?
A. iptables -P INPUT DROP
B. iptables -A INPUT -s 192.168.110.23 -i DENY
C. iptables -A INPUT -s 192.168.110.23 -j DROP
D. iptables -a INPUT -s 192.168.110.23 -i eth0 -j DROP
Answer: B

QUESTION: 60
Which prerequisites must be satisfied to use ALE for remote collection of Windows 2003 event logs?
A. The system hosting ALE must be able to ping the remote system.
B. The system hosting ALE must have RDP access to the remote system.
C. File and print sharing must be enabled, and the ALE service account must have read access to the event log of the remote system.
D. ALE must be installed on the remote system and forward the events to the system hosting the ALE agent that connects to IBM Security QRadar SIEM V7.1.

QUESTION: 61
A customer has a WAN link that is unable to sustain the bandwidth required to send events. Which two appliance types could be placed in the remote location to collect events? (Choose two.)
A. 1201
B. 1301
C. 1501
D. 1605
E. 1705
, D

QUESTION: 62
What information is provided when this command is run on an IBM Security QRadar 1605 appliance?
grep "Incoming raw event rate" /var/log/qradar.log
A. The EPS rate after licensing
B. The EPS rate of parsed events
C. The EPS rate before coalescing
D. The EPS rate since the last system restart

QUESTION: 63
IBM Security QRadar SIEM V7.1 (QRadar) must be configured to collect events from the BlueCoat SG Appliance using the file protocol. The log file protocol source will permit QRadar to retrieve archived log files from a remote host. These files are transferred one at a time to QRadar for processing. The log file protocol can manage plain text, compressed files, or archives. The log file protocol will use a service to download the files for processing. Which two service types are supported by QRadar? (Choose two.)
A. FXP
B. FSP
C. SCP
D. SFTP
E. SNMP
, D

QUESTION: 64
Which interface does the IBM Security QRadar SIEM V7.1 appliance support?
A. USB
B. PS/2
C. HDMI
D. Coaxial
Answer: A