When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?
A. Event Manager
B. Event Indexing
C. Event Collector
D. Event Processor
Where are the logs for QFlow stored on IBM Security QRadar SIEM V7.2.8?
A. /var/log/qflow.debug
B. /opt/var/log/qflow.debug
C. /opt/log/qradar/qflow.debug
D. /opt/qradar/log/qflow.debug
Offense data has become corrupted. What option should an IBM Security QRadar SIEM V7.2.8 Administrator consider to recover the offenses?
A. Use Clean SIM option.
B. Log out and Log back in.
C. Use Revert Offenses option.
D. Restore the most recent backup archive.
An Administrator working with IBM Security QRadar SIEM V7.2.8 is constantly receiving the following message:
"SAR Sentinel: Threshold crossed."
Where will the Administrator tune the settings for these messages?
A. Admin tab -> General Settings -> Global System Notifications
B. Admin tab -> System Configuration -> Global System Notifications
C. Admin tab -> System Notifications -> System Activity Reporter Notifications
D. Admin tab -> System Configuration -> General Settings -> System Notifications
An Administrator needs to see Events per Second (EPS) and Flows per Minute (FPM) coming to IBM Security QRadar SIEM V7.2.8 through a dashboard. How could this be accomplished?
A. Download the dashboard from IBM Security App Exchange.
B. Go to CLI and run the script /opt/qradar/bin/createdashboard.sh
C. Select any dashboard and customize it. Add a system summary item.
D. Create a new dashboard and then go to admin tab. Add item into the dashboard created.
An IBM Security QRadar SIEM V7.2.8 Administrator needs to restore a backup archive after a hardware failure.
The Administrator has navigated to the System Configuration tab with the Navigation menu. What are the next steps to restore?
A. System Settings -> upload the backup file that you want to restore -> Configure the parameters -> Restore -> OK
B. Backup and Recovery -> select the archive that you want to restore -> Configure -> configure the parameters -> Restore -> OK
C. System Settings -> select the archive that you want to restore -> On Demand Restoration -> Configure -> Configure the parameters -> Restore -> OK -> OK
D. Backup and Recovery -> select the archive that you want to restore -> Restore, on the Restore a Backup window -> Configure the parameters -> Restore -> OK -> OK
An IBM Security QRadar SIEM V7.2.8 deployment configured with High-Availability (HA) has both a primary and secondary host. The administrator needs to test the operation of the primary high-availability (HA) host automatic failover to the secondary HA host.
What must be configured to accomplish this test?
A. Configure the time interval of heartbeat timeout tests so the secondary HA host receives a response from the primary HA host within 2 minutes.
B. Configure the time interval of heartbeat timeout tests so the secondary HA host does not receive a response from the primary HA host within 2 minutes.
C. Configure the time interval of heartbeat ping tests so the secondary HA host receives a response from the primary HA host within a preconfigured time period.
D. Configure the time interval of the heartbeat ping tests so the secondary HA host does not receive a response from the primary HA host within a preconfigured time period.
An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment has configured an asset data source with domain information. This has created several new asset profiles.
What would explain these new asset profiles?
A. The asset data source parameter "Collateral Damage Potential" was left at the default "Not Defined"
B. The data in the asset model is domain-aware; this information is applied to all QRadar components, including server discovery.
C. The data in the asset model is used to compare flow data and identify other assets. These assets are added to a "Whitelist" database for asset reconciliation.
D. The asset data source is attempting to process an asset merge. The information from one asset is combined with the information for another asset under the premise that they are actually the same physical asset.
How are Events and Flows licensed in IBM Security QRadar V7.2.8?
A. They are both licensed in a 'per minute' value.
B. They are both licensed in a 'per second' value.
C. Events are licensed as a 'per second' value and Flows as a 'per minute' value.
D. Events are licensed as a 'per minute' value and Flows as a 'per second' value.
An Administrator working with IBM Security QRadar SIEM V7.2.8 is modifying the network hierarchy to contain a few new subnets contained within the 192.0.0.0/26 range.
What is a valid host range contained in this range?
A. 192.0.0.1 -> 192.0.0.62
B. 192.0.0.1 -> 192.0.0.65
C. 192.0.0.128 -> 192.0.0.192
D. 192.0.0.192 -> 192.0.0.254