C1000-163 IBM Security QRadar SIEM V7.5 Deployment exam dumps questions are material for testing the related IBM exam topics. By using the C1000-163 exam dumps questions and practicing your skills, you can increase your confidence and your chances of passing the C1000-163 exam.

Features of Dumpsinfo's products:
- Instant download
- Free updates for 3 months
- Money-back guarantee
- PDF and software
- 24/7 customer support

Dumpsinfo also provides unlimited access (https://www.dumpsinfo.com/unlimited-access/), and you can get all Dumpsinfo files at the lowest price. The IBM Security QRadar SIEM V7.5 Deployment C1000-163 free dumps questions below are available for you to study. Full version: C1000-163 Exam Dumps Questions, https://www.dumpsinfo.com/exam/c1000-163

1. Consider this scenario and instruction. Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products, or any server that you want to ignore as a source, edit the "and when the source IP is one of the following" test to include the IP addresses of the following scanners:
- VA Scanners
- Authorized Scanners
What type of editable building block is described?
A. BB:HostDefinition: VA Scanner Source IP
B. BB:NetworkDefinition: Server Networks
C. BB:HostDefinition: Proxy Servers
D. BB:HostDefinition: Authorized Scanners Source IP
Answer: A
(The quoted instruction is the description of BB:HostDefinition: VA Scanner Source IP in the default QRadar rule set; a NetworkDefinition building block describes networks, not scanner hosts.)

2. Which is a sign that the QRadar Network Hierarchy requires tuning?
A. MITRE tactics are blue.
B. Dashboards are not updating.
C. The Use Case Manager does not load.
D. There are many Remote-to-Remote events.
Answer: D

3. A deployment professional needs to migrate test rules developed in a test QRadar deployment to a production QRadar deployment. Which approach can be used to migrate the rules?
A. Use the Use Case Manager to sync rules between the two deployments.
B. Use the Content Management Tool (CMT) to migrate the specific rules.
C. Use rsync to copy the /store/postgres/ directory that contains configurations.
D. Create a configuration backup, copy it to the production system, and import/restore the backup configuration.
Answer: B

4. Where is a QRadar license obtained?
A. X-Force Exchange/license app
B. IBM Sales Representative
C. QRadar Console
D. IBMcom/qradar/licenses
Answer: B

5. For the management of applications with QRadar Assistant, which of these is not an option?
A. Pause All Instances
B. Create New Instance
C. Start All Instances
D. Delete All Instances
Answer: A

6. Which QRadar log file contains information about the rates of EPS?
A. /var/log/qradar.old
B. /var/qradar.log
C. /var/log/qradar.log
D. /var/log/eps.log
Answer: C

7. How can you check the amount of used and available RAM on a QRadar appliance?
A. free
B. topmem
C. ramstat
D. memoryfree
Answer: A

8. Which are the time criteria in AQL queries?
A. START, BETWEEN, LAST, NOW, PARSEDATETIME
B. START, STOP, BETWEEN, LAST
C. START, STOP, LAST, NOW, PARSEDATETIME
D. START, STOP, BETWEEN, FIRST
Answer: C

9. The Server Discovery process updates building blocks based on which of these?
A. Malware detection
B. Port-based filtering
C. MAC address filtering
D. CMDB integration
Answer: B
(Server Discovery reads the asset profile database and identifies server types by the ports the assets are seen to use; QRadar has no CMDB integration feature for this.)

10. Where are audit logs located?
A. /var/audit
B. /var/log/audit
C. /opt/audit/logs
D. /opt/var/log/audit
Answer: B

11. After working on a QRadar Support case, a set of logs is needed for further review. Where is the script to gather those logs if you have no UI access?
A. /opt/qradar/get_logs.sh
B. /bin/qradar/get_logs.sh
C. /bin/qradar/support/get_logs.sh
D. /opt/qradar/support/get_logs.sh
Answer: D

12. If you do not have access to the admin account from the user interface, how can you change the admin password?
A. /opt/qradar/bin/changePassword.sh -a
B. /opt/qradar/support/changePassword.sh -a
C. /opt/qradar/bin/changePasswd.sh -a
D. /opt/qradar/support/changePasswd.sh -a
Answer: D

13. Which two of these authentication types are valid for RADIUS authentication? (Choose two.)
A. MSCHAP
B. ASCII
C. TCP
D. PAP
E. XML
Answer: A, D

14. What does QRadar attempt to do when the system generates "Accumulator is falling behind" warnings?
A. QRadar tries to aggregate the events and flows during the next 60 seconds.
B. QRadar automatically drops the incoming events and flows during that time period.
C. The events that QRadar processes during that period are categorized as stored.
D. Time-series graphs and reports omit columns for the period when the problem occurred.
Answer: C

15. To review the internal changes made in QRadar, which log source must be selected in the Log Activity tab?
A. SIM Audit
B. Asset profile
C. System notification
D. SIM Generic events
Answer: A

16. A large multinational corporation is expanding its QRadar deployment to new countries. They decided to implement a geographically distributed deployment. What may be a benefit of having a processor on site, according to the scenario?
A. Reducing the analyst investigation time by reducing latency.
B. Compliance with local data laws by storing data in the place of origin.
C. Avoiding latency with searches, especially during multiple concurrent searches.
D. Improving search speeds due to high-speed network connectivity between the QRadar Console and remote processors.
Answer: B

17. Which step is required for the migration of Ariel data from an old appliance to a new appliance?
A. Remove all the data located on the old appliance.
B. Remove all searches created on the old appliance.
C. Ensure that the destination appliance has internet connectivity.
D. Ensure that the destination appliance has enough space to move the data to it.
Answer: D

18. What is the hostcontext service?
A. The primary service that runs on each managed host and controls core QRadar processes.
B. It is responsible for running the display engine (GUI) as an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
C. It stores configuration and reference data about log sources, the deployment, assets, offense data and more.
D. It opens random ports for communication between components on a managed host.
Answer: A

19. Retention buckets are sequenced in order. If a record matches all the filter criteria of multiple buckets, where is the record stored?
A. Bucket in the topmost row
B. Bucket in the bottommost row
C. Bucket with the oldest modification date
D. Bucket with the newest modification date
Answer: A

20. Which app can be used to find the state (active, standby, offline, or unknown) of each appliance, the number of notifications for each host, the host name and appliance type, disk usage, status, and time changed?
A. QRadar Operations
B. QRadar Deployment Monitoring
C. QRadar Performance Assistant
D. QRadar Deployment Intelligence
Answer: D

21. When multiple repositories are configured for authentication, what must a user do when they log in?
A. Specify which repository to use for authentication
B. Disable the admin account used to map the multiple repositories
C. Follow the QRadar prompts for the LDAP server to use for authentication
D. Specify the server addresses of the multiple repositories in the authentication group
Answer: A

22. A QRadar deployment professional needs to transfer the configuration of a distributed environment (one Console and one EP, not using HA) onto an All-in-One (AIO) system to run some forensics against data that will be added later. What approach should the deployment professional suggest for building the new AIO?
A. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed only by use of back-end PSQL commands.
B. Because the destination environment does not have the same number of appliances, the only option is to use the Content Management Tool (CMT) to transfer the security configuration.
C. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI.
D. Use rsync to transfer the contents of the /store partition to the new system.
Answer: C

23. A company plans to collect event data from two remote sites that have slow WAN links. These remote sites do not generate many events per second. The company's deployment professional wants to deploy a system that can use EPS limiters to send events to the Event Processor to overcome WAN limitations. What type of appliance can be used to meet this requirement?
A. Data Gateway
B. Disconnected Log Collector
C. Packet Capture appliance
D. Flow Collector
Answer: B

24. Which component processes unallocated syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate log source type to a new log source?
A. Discovery analysis
B. Autodetect traffic
C. Traffic analysis
D. DSM discovery analysis
Answer: C

25. While reviewing the performance of a QRadar distributed environment, you notice an abnormal number of events that were generated in the past 24 hours: "38750088 - Performance degradation has been detected in the event pipeline. Event(s) were routed directly to storage." As a deployment professional, you ensure that your events per second (EPS) license is adequate and verify that no changes to rules or custom properties were made in the past week. Which of these issues can cause QRadar to generate performance degradation events?
A. Too many users log in to QRadar on a daily basis.
B. An abnormal number of reports are generated daily.
C. The QRadar Vulnerability Manager license is set to only 256 assets.
D. DSM parsing issues can cause the event data to be routed to storage.
Answer: D

26. Which direction value means that an undefined local Source IP accesses an external resource?
A. R2L
B. L2R
C. L2L
D. R2R
Answer: D

27. The /store for a QRadar HA setup was migrated to a Fibre Channel device. High Availability is not needed on this cluster, and it needs to be disconnected. What changes are required before disconnecting the HA cluster in this scenario?
A. Edit /etc/fstab on only the secondary HA host to remove the noauto option from /store and /storetmp.
B. No changes are required before disconnecting the HA cluster.
C. Edit /etc/fstab on both the primary HA host and the secondary HA host to remove the noauto option from /store and /storetmp.
D. Edit /etc/fstab on only the primary HA host to remove the noauto option from /store and /storetmp.
Answer: C

28. There are 10 retention buckets in QRadar SIEM. The default bucket is in the last row with a retention policy of 30 days. The action is set to delete the data immediately after the retention period has expired. An admin creates another policy above the default policy to keep firewall data for 10 days. What happens to the data after 30 days?
A. Firewall data will be erased after 30 days
B. Everything will be erased after 30 days
C. Everything will be erased after 10 days
D. Firewall data will be erased after 10 days
Answer: B
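Questions 2 and 26 both turn on one rule: QRadar treats any address that is not covered by the network hierarchy as remote, so traffic from an internal subnet that was never added to the hierarchy is classified Remote-to-Remote, and a large share of R2R events is the sign that the hierarchy needs tuning. The Python below is an added illustration of that rule and is not QRadar code. The hierarchy object names, CIDR ranges, sample events and the 25% R2R threshold are constructed assumptions; the private-range check is what a practitioner would use to find which subnets to add.

```python
"""Classify event direction (L2L, L2R, R2L, R2R) against a QRadar-style
network hierarchy. Added illustration, not QRadar code: hierarchy names,
CIDR ranges, sample events and the tuning threshold are assumptions."""
import ipaddress
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed network hierarchy. Only addresses inside these ranges count as
# local; QRadar treats everything else as remote.
NETWORK_HIERARCHY: Dict[str, List[str]] = {
    "Net-10-172-192.Servers": ["10.10.0.0/16"],
    "Net-10-172-192.Users": ["192.168.1.0/24"],
}

# RFC 1918 space. An R2R endpoint in here is almost certainly an internal
# network that is missing from the hierarchy.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events as (sourceip, destinationip). 10.20.3.0/24 is a
# real internal subnet that the hierarchy above never defines.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("10.10.5.4", "10.10.5.9"),       # local -> local
    ("10.10.5.4", "8.8.8.8"),         # local -> internet
    ("203.0.113.7", "192.168.1.20"),  # internet -> local
    ("10.20.3.3", "8.8.8.8"),         # undefined local -> internet (question 26)
    ("10.20.3.4", "1.1.1.1"),
    ("10.20.3.5", "9.9.9.9"),
]


def local_networks(hierarchy=NETWORK_HIERARCHY):
    """Flatten the hierarchy into the list of local networks."""
    return [ipaddress.ip_network(cidr) for cidrs in hierarchy.values() for cidr in cidrs]


def is_local(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def direction(src: str, dst: str, nets) -> str:
    """Return QRadar's direction value: L2L, L2R, R2L or R2R."""
    return f"{'L' if is_local(src, nets) else 'R'}2{'L' if is_local(dst, nets) else 'R'}"


def count_directions(events: Iterable[Tuple[str, str]], hierarchy=NETWORK_HIERARCHY) -> Counter:
    nets = local_networks(hierarchy)
    return Counter(direction(src, dst, nets) for src, dst in events)


def needs_hierarchy_tuning(counts: Counter, max_r2r_share: float = 0.25) -> bool:
    """Question 2: many R2R events signal a hierarchy that needs tuning.
    The 25% threshold is an assumption for this example, not a QRadar value."""
    total = sum(counts.values())
    return total > 0 and counts.get("R2R", 0) / total > max_r2r_share


def missing_hierarchy_candidates(events, hierarchy=NETWORK_HIERARCHY) -> List[str]:
    """/24 networks in RFC 1918 space that appear in R2R events but are not in
    the hierarchy: the first entries to add when tuning."""
    nets = local_networks(hierarchy)
    candidates = set()
    for src, dst in events:
        if direction(src, dst, nets) != "R2R":
            continue
        for ip in (src, dst):
            addr = ipaddress.ip_address(ip)
            if not is_local(ip, nets) and any(addr in n for n in RFC1918):
                candidates.add(str(ipaddress.ip_network(f"{ip}/24", strict=False)))
    return sorted(candidates)


if __name__ == "__main__":
    counts = count_directions(SAMPLE_EVENTS)
    print(dict(counts))                                   # {'L2L': 1, 'L2R': 1, 'R2L': 1, 'R2R': 3}
    print("tune hierarchy:", needs_hierarchy_tuning(counts))         # True
    print("add to hierarchy:", missing_hierarchy_candidates(SAMPLE_EVENTS))  # ['10.20.3.0/24']
```

Adding 10.20.3.0/24 to NETWORK_HIERARCHY turns the three R2R events into L2R, which is exactly the effect hierarchy tuning has on the direction counts in Log Activity.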
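Questions 19 and 28 describe the same mechanism: retention buckets are evaluated top to bottom, a record is stored in the first bucket whose filter matches, and the default bucket is always the last row. The Python below is an added simulation of that ordering and of the "delete immediately when the retention period expires" action; it is not QRadar code, and the bucket names, filters, sample records and the 10.10.0.0/16 server range are constructed assumptions. It goes one step beyond question 28 by adding a third bucket so that a record matches two buckets at once, which is the question 19 case.

```python
"""Simulate QRadar retention bucket matching (first match, top to bottom)
and expiry. Added example, not QRadar code; buckets, filters, records and
the server range are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

Record = Dict[str, str]


@dataclass(frozen=True)
class Bucket:
    name: str
    retention_days: int
    matches: Callable[[Record], bool]   # the bucket's filter criteria


def is_firewall(rec: Record) -> bool:
    return rec["log_source_type"] == "Firewall"


def to_server_network(rec: Record) -> bool:
    # Constructed server range; stands in for a network hierarchy object.
    return ipaddress.ip_address(rec["destinationip"]) in ipaddress.ip_network("10.10.0.0/16")


DEFAULT = Bucket("Default", 30, lambda rec: True)          # always the last row
FIREWALL = Bucket("Firewall 10 days", 10, is_firewall)
SERVERS = Bucket("Server networks 60 days", 60, to_server_network)

Q28_BUCKETS = [FIREWALL, DEFAULT]                 # the two-bucket setup from question 28
OVERLAP_BUCKETS = [FIREWALL, SERVERS, DEFAULT]    # firewall-to-server records match two rows
REORDERED_BUCKETS = [SERVERS, FIREWALL, DEFAULT]  # same buckets, servers moved to the top

# Constructed sample records, all ingested on day 0.
SAMPLE_RECORDS: List[Record] = [
    {"id": "fw-1", "log_source_type": "Firewall", "destinationip": "10.10.1.5"},
    {"id": "fw-2", "log_source_type": "Firewall", "destinationip": "8.8.8.8"},
    {"id": "win-1", "log_source_type": "Windows", "destinationip": "10.10.1.5"},
    {"id": "lnx-1", "log_source_type": "Linux", "destinationip": "192.168.1.7"},
]


def assign_bucket(record: Record, buckets: List[Bucket]) -> Bucket:
    """Question 19: the topmost matching row wins, so order decides retention."""
    for bucket in buckets:
        if bucket.matches(record):
            return bucket
    raise ValueError("no bucket matched; the default bucket must be last and match everything")


def retained_after(records: List[Record], buckets: List[Bucket], days: int) -> List[str]:
    """IDs still on disk `days` days after ingestion when the action is
    'delete immediately on expiry' (a record survives while age < retention)."""
    return [r["id"] for r in records if assign_bucket(r, buckets).retention_days > days]


if __name__ == "__main__":
    fw_to_server = SAMPLE_RECORDS[0]
    print(assign_bucket(fw_to_server, OVERLAP_BUCKETS).name)    # Firewall 10 days
    print(assign_bucket(fw_to_server, REORDERED_BUCKETS).name)  # Server networks 60 days
    print(retained_after(SAMPLE_RECORDS, Q28_BUCKETS, 10))      # ['win-1', 'lnx-1']
    print(retained_after(SAMPLE_RECORDS, Q28_BUCKETS, 30))      # []
```

With the question 28 configuration the firewall records are gone after 10 days and everything else after 30, so nothing remains at day 30. Moving the server bucket above the firewall bucket silently extends firewall-to-server records from 10 to 60 days, which is why bucket order should be reviewed whenever a row is added.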