IBM
C1000-140
Q1:
Which log source should be used to filter QRadar audit events?
A. Health Metrics-2
B. SIM Audit-2
C. Audit-log
D. SIM-Audit-log
Q2:
What must be done on all managed hosts after the restoration of a config backup on a new console?
A. Restart the hostcontext service
B. Re-add all managed hosts
C. Restart the docker service
D. Delete all users
Q3:
A deployment professional needs to troubleshoot a QRadar application that is not working.
Which tool can be used to aid the troubleshooting of containers and container management on the QRadar Console or App Host?
A. qdocker ps
B. qapp_debug.sh
C. recon
D. q_trev.sh
Q4:
A QRadar deployment professional is asked to migrate the configuration of a system from Log Manager to QRadar SIEM.
How should the custom rules, saved searches, and reports be migrated?
A. Use the QRadar config backup and restore process to transfer all configurations.
B. Use the content management tool (CMT) to transfer the security configuration.
C. The only option is to use the GUI to manually recreate any required content.
D. Use rsync to transfer the contents of the /store partition to the new system.
Q5:
What does QRadar attempt to do when the system generates "Accumulator is falling behind" warnings?
A. QRadar tries to aggregate the events and flows during the next 60 seconds.
B. QRadar automatically drops the incoming events and flows during that time period.
C. The events that QRadar processes during that period are categorized as stored.
D. Time-series graphs and reports omit columns for the period when the problem occurred.