A client has reached the maximum of 5000 EPS for their 3128 All-in-One appliance. They have just
completed an acquisition of a competitor company and would like to get them on-board with collecting
events for correlation in QRadar. It has been determined that the newly acquired company has a large
number of log sources, and it is estimated that its total EPS will be approx. 22000 EPS.
What will meet the hardware requirements when changing to a distributed environment?
A. 1622 Event Processor
B. 1628 Event Processor
C. 1624 Event Processor
D. 1605 Event Processor
Correct answer: B
Explanation: (shown to Pass4Test members only)
Question 2:
A software install is being performed on a client's hardware. The Deployment Professional is about to
install the QRadar software on a host which will become an HA primary.
Which command is mandatory?
A. tail -f /var/bin/ha.logs
B. /media/cdrom/post/prepare_ha.sh
C. /opt/qradar/bin/prepare_ha.sh
D. /opt/qradar/ha_setup.sh
Correct answer: B
Explanation: (shown to Pass4Test members only)
Question 3:
A current banking customer has just expanded by purchasing a small rural bank with a low bandwidth
WAN connection.
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to capture log events
from the newly acquired branch and to forward them on a schedule, after hours during the trough of
activity to the main branch. There is plenty of room for this additional EPS growth.
Which device will meet the requirements?
A. 1501 Event Collector
B. 1202 QFlow Collector
C. 1400 Data Node
D. 1605 Event Processor
Correct answer: D
Explanation: (shown to Pass4Test members only)
Question 4:
A Deployment Professional needs to store information in the IBM Security QRadar SIEM V7.2.7 asset
database which is provided from the customer's configuration management database (CMDB). The
CMDB provides a nightly dump of information such as 'Technical Owner' and 'Asset weight' tied to an IP
address.
Which integration mechanism with QRadar will allow this information to be maintained?
A. Upload the information in a CSV format using the 'Import Assets' function
B. Send syslog LEEF formatted identity events to the 'Asset Profiler-2' log source
C. Use REST-API calls with the /asset_model/assets/{asset_id} endpoint
D. Schedule the AXIS scanner to import a pre-formatted XML file with the required data
Correct answer: A
Explanation: (shown to Pass4Test members only)
Question 5:
A Deployment Professional is alerted that flows between two assets within a local network are
communicating at a higher rate than normal between midnight and 2 a.m. The Deployment Professional is
asked to determine why this is occurring and decides to create an alert that will send a notification when
the communication happens again.
Which action could be used?
A. Perform Custom search
B. Perform Quick search
C. Create rule to test for events/flows
D. Run an AQL query
Correct answer: C
Explanation: (shown to Pass4Test members only)
取池** -
The app version, which let me keep studying even in spare moments, was excellent. This book was easy to understand.