
GoShiken C1000-055 question bank: 62 questions for reliable IBM Security Systems practice
Real, up-to-date C1000-055 exam questions: the C1000-055 question bank
Question 13
A deployment professional configures domain definitions for events in a multi-tenant QRadar environment.
The domain assignments for tenants, flows, VA scanners, reference data and network hierarchy items are already configured.
Which is the order of precedence between the incoming event's attributes when evaluating its domain assignment?
- A. Tenant, Log Source, Network Hierarchy, Log Source Group
- B. Tenant, Network Hierarchy, Log Source, Event Collector
- C. Custom Properties, Log Source, Log Source Group, Event Collector
- D. Custom Properties, Network Hierarchy, Log Source, Event Collector
Correct answer: C (an event's domain is evaluated against custom properties first, then its log source, then the log source group, then the event collector it arrived on; tenants and the network hierarchy are not event attributes in this evaluation).
Question 14
A deployment professional needs to find out which rules are generating most of the offenses. What should the deployment professional do? (Choose two)
- A. Generate the "System Summary" report
- B. Use a search where the Log Source is Custom Rule Engine-8 :: <qradar hostname> and choose Grouping by Event Name
- C. Offenses -> By Category
- D. Offenses -> Rules -> Sort by Offense Count
- E. Use a search where the Log Source is Health Metrics-2 :: <qradar hostname> and choose Grouping by Event Name
Correct answer: A, D
Question 15
A deployment professional has been asked to create some Reference Data to identify activity on executives' email addresses. The customer has provided the list of the current email addresses and has stated that these need to be updated from time to time as the organization changes. Changes should be handled in the standard Graphical User Interface (GUI) of the QRadar Console.
Which Reference Data should the deployment professional create for this purpose?
- A. Reference Table
- B. Reference Map
- C. Reference Map of Sets
- D. Reference Set
Correct answer: D (a flat list of values that is maintained from the Console GUI and matched in rules is exactly what a Reference Set holds; tables, maps and maps of sets are keyed structures for richer data).
Question 16
Two newly installed QRadar applications are creating performance issues on the Console. How should the deployment professional proceed?
- A. Deploy two different App Hosts as both applications might need dedicated resources. App auto-balancing is enabled by default.
- B. Deploy two different App Nodes as both applications might need dedicated resources. App auto-balancing is enabled by default.
- C. Deploy one App Node, move apps from the Console and test if the situation improves.
- D. Deploy one App Host, move apps from the Console and test if the situation improves.
Correct answer: D (apps are offloaded from the Console to an App Host, the QRadar 7.3.2 name for the earlier App Node; there is no app auto-balancing, so move the apps to one App Host first and add capacity only if the problem persists).
Question 17
A company has specific data retention policies to keep log data online for 5 years. The current QRadar storage will not handle this amount of data.
Which are possible solutions? (Choose two)
- A. Migrate the QRadar /store/ariel file system to a larger off-board storage device
- B. Implement Data Node(s)
- C. Implement Flow Processor(s)
- D. Implement a high availability (HA) solution
- E. Implement Event Collector(s)
Correct answer: A, B (both moving /store/ariel to larger off-board storage and attaching Data Nodes to the processors add retention capacity; Flow Processors, Event Collectors and HA pairs add processing, collection or redundancy, not storage for existing data).
Question 18
A deployment professional sees that there are occasional spikes in the EPS (events per second). The host has 1000 EPS allocated, but the occasional spikes go up to 1185 EPS.
What happens to the events when they go over the allocated amount?
- A. Events are dropped.
- B. Events are shown normally, but no offenses are generated.
- C. Events are shown normally; QRadar has a 20% buffer.
- D. Events are moved to a temporary queue.
Correct answer: D (events above the licensed rate are held in a burst queue and processed as capacity frees up; only when the queue itself fills, under a sustained overage, are events dropped).
Question 19
As a small company has grown, no standard was defined. Each time the network was expanded, the bid with the lowest cost was accepted. As a result, the infrastructure is a mix of equipment from different manufacturers.
A deployment professional is planning on standardizing flow collection. Which flow source data format should the deployment professional use?
- A. sFlow
- B. NetFlow
- C. A-Flow
- D. J-Flow
Correct answer: A
Question 20
A deployment professional is creating an architecture for a customer who has locations which regularly go out of contact with the rest of the network. The requirement is to receive logs locally and then have a scheduled connection to QRadar to upload the events.
Which QRadar appliances should be deployed in these locations?
- A. 31xx All-in-One with Online Forwarding configured
- B. Disconnected Log Collector with UDP configured
- C. 16xx Event Processor with a Store and Forward schedule
- D. 15xx Event Collector with a Store and Forward schedule
Correct answer: D (Store and Forward schedules are an Event Collector feature: the 15xx buffers events locally and forwards them to its Event Processor in the scheduled window; an Event Processor needs a live connection to the Console).
Question 21
A company is currently using 2500 EPS (events per second). A deployment professional is required to plan for a large reorganization project within the company that would increase the EPS to 7500 for 5 months.
What type of licensing should the deployment professional choose?
- A. phased
- B. progressive
- C. incremental
- D. cumulative
Correct answer: A
Question 22
The iSCSI off-board storage is being configured. Which sequence should be used?
- A. Stop services on QRadar > Mount the iSCSI file system > Migrate the data to iSCSI > Configure iSCSI
- B. Stop services on QRadar > Configure iSCSI > Mount the iSCSI file system on /store > Migrate the data to iSCSI
- C. Configure iSCSI > Stop services on QRadar > Migrate the data to iSCSI > Mount the iSCSI file system
- D. Stop services on QRadar > Migrate the data to iSCSI > Configure iSCSI > Mount the iSCSI file system
Correct answer: C (the initiator, target discovery and volume formatting can be done while QRadar is running; services are stopped only for the copy of /store/ariel, after which the volume is mounted in its place and services restarted).
Question 23
A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.
What can the deployment professional do to comply with local data laws?
- A. Install Event and Flow Processors in the United States data center.
- B. Install Event and Flow Collectors in the European data center.
- C. Install Event and Flow Processors in the European data center.
- D. Install Data Nodes in the European data center.
Correct answer: C (Event and Flow Processors are where the data is stored; Collectors only normalize and forward, so Collectors alone in Europe would still ship the data to Processors in the United States, and Data Nodes cannot operate without a local Processor to attach to).
Question 24
A systems team has configured their application to send syslog via TCP to a QRadar Event Collector. The deployment professional has noted that no such logs have arrived for the pre-defined log source.
To troubleshoot this and to prove whether this traffic has arrived at the Event Collector, what command can be used from the Event Collector CLI?
(Device_Address is an IPv4 address or a host name)
- A. pcap -s 0 -A host Device_Address and udp port 514
- B. tcpdump -s 0 -A host Device_Address and port 514
- C. tcpdump -s 0 -A host Device_Address and udp port 514
- D. pcap -s 0 -A host Device_Address and port 514
Correct answer: B (tcpdump is the capture tool available on the appliance, and the application sends over TCP, so a filter of "udp port 514" would never match; "port 514" matches both transports, and -s 0 -A shows the full message text).
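Why the capture filter must not say "udp port 514" for this log source: TCP syslog is a byte stream, not datagrams. Several messages can share one segment and are separated only by a trailer (a newline, RFC 6587 non-transparent framing), which is also why the -A output of a capture shows them run together. The loopback round trip below is an added example, not QRadar or IBM code: it listens on an ephemeral port on 127.0.0.1 instead of 514, sends two constructed RFC 3164-shaped lines in a single send, and splits the stream on the newline the way a syslog listener has to.

```python
"""Loopback TCP syslog round trip (added example; not QRadar or IBM code).

A TCP syslog sender writes a byte stream: several messages may arrive in one
segment, separated only by a trailer (newline, RFC 6587 non-transparent
framing). The receiver therefore buffers and splits on the trailer. The port
is ephemeral on 127.0.0.1 here; an Event Collector listens on 514.
"""
import socket
import threading
from typing import List, Tuple

TRAILER = b"\n"


def start_tcp_syslog_receiver(expected: int, timeout: float = 5.0
                              ) -> Tuple[int, threading.Thread, List[str]]:
    """Accept one connection and collect `expected` newline-framed messages."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # ephemeral port; a collector would use 514
    srv.listen(1)
    srv.settimeout(timeout)
    port = srv.getsockname()[1]
    received: List[str] = []

    def serve() -> None:
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            srv.close()
            return
        with conn:
            conn.settimeout(timeout)
            buf = b""
            while len(received) < expected:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
                # Everything before the last trailer is complete; keep the tail
                # of a message that may still be in flight.
                *complete, buf = buf.split(TRAILER)
                received.extend(m.decode() for m in complete if m)
        srv.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    return port, worker, received


def send_tcp_syslog(port: int, messages: List[str]) -> int:
    """Send all messages in one sendall() so they share the TCP stream."""
    payload = b"".join(m.encode() + TRAILER for m in messages)
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)
    return len(payload)


def round_trip(messages: List[str]) -> List[str]:
    """Start a receiver, send the messages to it, return what it reassembled."""
    port, worker, received = start_tcp_syslog_receiver(len(messages))
    send_tcp_syslog(port, messages)
    worker.join(5)
    return received


if __name__ == "__main__":
    # Constructed sample lines in RFC 3164 shape, as the application might emit them.
    sample = ["<13>Jan 10 12:00:00 app01 app: login ok user=alice",
              "<13>Jan 10 12:00:01 app01 app: login failed user=bob"]
    for m in round_trip(sample):
        print(m)
```

Both lines leave the sender in one write and come back as two messages only because the receiver splits on the trailer; a sender that omits the newline, or a receiver that assumes one message per read, is a common reason a "pre-defined" TCP log source shows nothing even though the capture proves the bytes arrived.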
Question 25
A deployment professional needs to include a network inspection device in a banking organization as per the new security guidelines. Real-time threat investigation has to be done along with the post-incident analysis. QRadar Incident Forensics has been included in the design for post-incident forensic analysis.
Which devices should be chosen for the real-time analysis?
- A. Flow Collector (FC) and Flow Processor (FP)
- B. Flow Collector (FC) and QRadar Network Insights (QNI)
- C. Network PCAP and Flow Processor (FP)
- D. QRadar Network Insights (QNI) and Flow Processor (FP)
Correct answer: D (QRadar Network Insights inspects traffic content in real time and sends the enriched flows to a Flow Processor; QRadar Network Packet Capture stores full packets for Incident Forensics rather than for real-time analysis, and a plain Flow Collector sees headers only).
Question 26
A deployment professional is faced with the following system notification:
38750107 - The last attempt to read in rules (usually due to a rule change) has failed. Please see the message details and error log for information on how to resolve this.
What should the deployment professional do after trying to disable and re-enable the rule?
- A. Delete and recreate the rule.
- B. Modify the rule.
- C. Create a new rule without deleting the old rule.
- D. Before doing anything else, call customer support.
Correct answer: D
Question 27
A deployment professional is working on integrating an unsupported log source. The log source is able to send events in multiple formats. The administrators of the log source ask which event format should be configured.
Which event format should the deployment professional choose to be able to use direct parsing support in QRadar's DSM Editor?
- A. Regex
- B. LEEF
- C. SAML
- D. BLOB
Correct answer: B (LEEF is the structured key=value format QRadar parses natively, so the DSM Editor can map its attributes without a per-device regex; SAML is an authentication assertion format and BLOB is not an event format).
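What makes LEEF the format a parser can handle without device-specific regex: the header fields are pipe-delimited in a fixed order and the attributes are key=value pairs with a known delimiter. The encoder and parser below are an added example, not IBM's LEEF implementation or the DSM Editor's code: they build LEEF 1.0 (tab-delimited attributes) and LEEF 2.0 events (delimiter advertised in the sixth header field, either a literal character or hex as xHH), escape pipes inside header fields, strip a constructed RFC 3164 syslog prefix, and parse the result back. The vendor Acme, the product AppGateway and the event IDs are made up for the demonstration.

```python
"""LEEF 1.0/2.0 event builder and parser (added example; not IBM's LEEF code).

Header layout: LEEF:<ver>|Vendor|Product|Version|EventID|[Delimiter|]attributes
  LEEF 1.0: attributes are tab-separated key=value pairs.
  LEEF 2.0: an optional sixth header field names the attribute delimiter,
            either a literal character ("^") or its hex code as xHH ("x09").
A literal "|" inside a header field is escaped as "\\|".
"""
import re
from typing import Dict

# Constructed RFC 3164 prefix (<PRI>Mon dd hh:mm:ss host ) that a syslog sender
# puts in front of the LEEF payload; the parser strips it if present.
SYSLOG_PREFIX = re.compile(
    r"^(?:<\d{1,3}>)?\s*(?:\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\S+\s+)?")
HEX_DELIM = re.compile(r"x[0-9A-Fa-f]{2}")


def build_leef(vendor: str, product: str, version: str, event_id: str,
               attrs: Dict[str, str], leef_version: str = "2.0",
               delimiter: str = "\t") -> str:
    """Serialise one LEEF event: escaped header fields, then joined attributes."""
    def esc(field: str) -> str:
        return field.replace("|", "\\|")

    header = [f"LEEF:{leef_version}", esc(vendor), esc(product),
              esc(version), esc(event_id)]
    if leef_version == "2.0":
        # Advertise the delimiter; a tab is written in its hex form x09.
        header.append("x09" if delimiter == "\t" else delimiter)
    body = delimiter.join(f"{k}={v}" for k, v in attrs.items())
    return "|".join(header) + "|" + body


def _split_header(s: str, n_fields: int):
    """Return the first n_fields pipe-separated fields (honouring \\|) and the rest."""
    fields, cur, i = [], [], 0
    while i < len(s) and len(fields) < n_fields:
        c = s[i]
        if c == "\\" and i + 1 < len(s) and s[i + 1] == "|":
            cur.append("|")          # escaped pipe stays inside the field
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    return fields, s[i:]


def parse_leef(line: str) -> Dict[str, object]:
    """Parse a LEEF 1.0 or 2.0 event, with or without a syslog prefix."""
    msg = SYSLOG_PREFIX.sub("", line, count=1)
    if not msg.startswith("LEEF:"):
        raise ValueError("not a LEEF event")
    hdr, rest = _split_header(msg, 5)
    if len(hdr) != 5:
        raise ValueError("truncated LEEF header")
    leef_version = hdr[0][len("LEEF:"):]
    delimiter = "\t"  # LEEF 1.0, and LEEF 2.0 when no delimiter is advertised
    if leef_version == "2.0":
        m = re.match(r"(x[0-9A-Fa-f]{2}|[^=\t|])\|", rest)
        if m:
            spec = m.group(1)
            delimiter = chr(int(spec[1:], 16)) if HEX_DELIM.fullmatch(spec) else spec
            rest = rest[m.end():]
    attrs: Dict[str, str] = {}
    for pair in rest.split(delimiter):
        if not pair:
            continue
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed attribute {pair!r}")
        attrs[key] = value
    return {"leef_version": leef_version, "vendor": hdr[1], "product": hdr[2],
            "version": hdr[3], "event_id": hdr[4], "delimiter": delimiter,
            "attrs": attrs}


if __name__ == "__main__":
    # Constructed sample: an application gateway reporting a failed login.
    event = build_leef("Acme", "AppGateway", "3.1", "LOGIN_FAIL",
                       {"devTime": "Jan 10 2024 12:00:00",
                        "devTimeFormat": "MMM dd yyyy HH:mm:ss",
                        "src": "10.0.0.5", "dst": "10.0.0.9",
                        "srcPort": "51234", "usrName": "alice"},
                       delimiter="^")
    wire = "<13>Jan 10 12:00:00 gw01 " + event
    print(wire)
    print(parse_leef(wire))
```

The attribute keys in the sample (devTime, devTimeFormat, src, dst, srcPort, usrName) are among the predefined LEEF keys that map straight onto normalized event properties; a key outside that set still parses, but has to be mapped by hand as a custom property. The parser does not unescape delimiter characters that appear inside attribute values, which is the main thing a production LEEF parser adds.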
Question 28
A deployment professional is asked to create a QRadar deployment architecture for a company.
The company has three branch offices connected to the head office by WAN links. The head office data center requires 14,000 EPS and 200,000 FPM. Each branch requires 4,000 EPS and 200,000 FPM.
Which deployment solution will meet the minimum requirements?
- A. QRadar 3105 (Console) and QRadar Event and Flow Processor 1829 in head office + QRadar 1805 Event and Flow Processor in each branch office
- B. QRadar 3129 (All-in-One) in head office
- C. QRadar 3129 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office
- D. QRadar 3105 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office
Correct answer: C (a 3105 tops out at 5,000 EPS and cannot absorb the head office's 14,000 EPS; a 3129 Console handles 15,000 EPS and 300,000 FPM, and a 1805 per branch covers 4,000 EPS and 200,000 FPM locally; option A also meets the load but with more hardware than the minimum, and a single All-in-One cannot carry all four sites' 26,000 EPS).
Question 29
A deployment professional wishes to implement a QRadar product which provides network topology, active attack paths and risk-score adjustment of high-risk assets based on policy compliance.
Which product would the deployment professional deploy to achieve this?
- A. QRadar Incident Forensics
- B. QRadar Vulnerability Scanner
- C. QRadar Topology Scanner
- D. QRadar Risk Manager
Correct answer: D (topology, attack-path analysis and policy-driven risk scoring are QRadar Risk Manager functions; there is no QRadar Topology Scanner product).
Question 30
A deployment professional needs to create a SIEM architecture plan. The deployment professional needs to consider applying a set of security policies (or questions) about the client's network and monitoring the policies for changes. It is also important to query all network connections, compare device configurations, filter the network topology, and simulate the possible effects of updating device configurations.
Which component can be added to the deployment to meet this security business objective?
- A. QRadar Incident Forensics
- B. QRadar Network Insights
- C. QRadar Vulnerability Manager
- D. QRadar Risk Manager
Correct answer: D (policy monitoring, connection queries, configuration comparison, topology filtering and configuration-change simulation are QRadar Risk Manager capabilities; Vulnerability Manager scans assets for vulnerabilities and does not model device configurations).
Question 31
A deployment professional needs to add a new log source using the Log File protocol. The log source should be limited to 2000 EPS.
Which option of the log source should be configured?
- A. FPM Throttle
- B. EPS Throttle
- C. Maximum EPS
- D. Maximum FPM
Correct answer: B (the Log File protocol exposes an EPS Throttle parameter that caps the rate at which lines from the retrieved file are fed into the event pipeline; FPM applies to flows, and "Maximum EPS" is not a protocol parameter).
Question 32
A deployment professional is working with a client that develops their own in-house applications. The customer would like to log events from these applications. Because these applications are hosted on Windows servers inside the client's DMZ, the client wants to limit the ports on which they will allow access. All logs are written to a flat file named debug.log in the c:\app\logs folder of the host.
Which option is a developed strategy for integrating these logs with QRadar SIEM?
- A. Install managed WinCollect instances, create a custom DSM and use the Microsoft Security Event Log DSM to create an XPath query to ingest the data.
- B. Create a custom DSM and use the MSRPC protocol to communicate with the servers and ingest the log file.
- C. Install managed WinCollect instances on the servers, create a custom DSM and use the WinCollect Log Forwarder protocol to ingest events from the log file.
- D. Install unmanaged WinCollect instances on the servers, create a custom DSM and use the WinCollect File Forwarder protocol to ingest events from the log file.
Correct answer: D (a stand-alone, unmanaged WinCollect agent needs only its outbound syslog port to the collector, whereas managed agents also require the management channel to the Console; the File Forwarder plugin reads flat files, and the Security Event Log and MSRPC options only handle Windows event logs).
Question 33
A deployment professional is notified that event and flow data sent to the All-in-One are not being processed. However, there is no issue with the existing data.
What should the deployment professional investigate?
- A. Check the connection between the Console and the Event Processor.
- B. Check the connection between the All-in-One and X-Force.
- C. Check to see if the Event Collector license is expired.
- D. Check to see if the All-in-One license is expired.
Correct answer: D (collectors are not licensed separately; on an All-in-One the processing capacity is licensed on the appliance itself, and an expired license stops new event and flow processing while already stored data stays searchable; an All-in-One has no separate Event Processor to lose contact with).
Question 34
......
IBM C1000-055 certification exam topic coverage:
| Topic | Coverage |
|---|---|
| Topic 1 | |
| Topic 2 | |
| Topic 3 | |
| Topic 4 | |
| Topic 5 | |
| Topic 6 | |
| Topic 7 | |
| Topic 8 | |
C1000-055 questions from an exceptional C1000-055 question bank for top scores: https://www.goshiken.com/IBM/C1000-055-mondaishu.html