IBM C1000-156 IBM Security QRadar SIEM V7.5 Administration Online Training
IBM C1000-156 Online Training
The questions for C1000-156 were last updated at Nov 22, 2024.
- Exam Code: C1000-156
- Exam Name: IBM Security QRadar SIEM V7.5 Administration
- Certification Provider: IBM
- Latest update: Nov 22, 2024
Which two (2) pieces of information from the MaxMind account must be included in QRadar for geographic data updates?
- A . Account/User ID
- B . API key
- C . License Key
- D . MaxMind username
- E . API password
To detect outliers, which Anomaly Detection Engine rule tests events or flows for volume changes that occur in regular patterns?
- A . Behavioral rules
- B . Threshold rules
- C . Anomaly rules
- D . Building block rules
What is the default day and time setting for when QRadar generates weekly reports?
- A . Sunday 01:00 AM
- B . Monday 02:00 AM
- C . Sunday 02:00 AM
- D . Monday 01:00 AM
When creating an identity exclusion search, what time range do you select?
- A . Previous 7 days
- B . Real time (streaming)
- C . Previous 30 days
- D . Previous 5 minutes
A QRadar administrator needs to quickly check the disk space for all managed hosts.
Which command does the administrator use?
- A . /opt/qradar/support/all_servers.sh 'ls -ltrsh'
- B . /opt/qradar/support/all_servers.sh 'rm -rf /store'
- C . /opt/qradar/support/all_servers.sh -C -k 'df -Th'
- D . /opt/qradar/support/all_servers.sh -C -K 'watch ls'
Which two (2) open standards does the QRadar Threat Intelligence app use for feeds?
- A . TAXII
- B . AQL
- C . STIX
- D . JSON
- E . OSINT
Which event advanced search query will check an IP address against the Spam X-Force category with a confidence greater than 3?
- A . select * from events where XFORCE_IP_CONFIDENCE('Spam', sourceip)>3
- B . select * from flows where XFORCE_IP_CONFIDENCE('Spam', sourceip)<3
- C . select * from flows where XFORCE_IP_CONFIDENCE('Malware',sourceip)-3
- D . select * from events where XFORCE_IP_CONFIDENCE('Malware',sourceip)>3
When will events or flows stop contributing to an offense?
- A . When the offense becomes dormant
- B . When the offense becomes inactive
- C . After the offense is assigned to an analyst
- D . When you protect the offense
What is the main reason for tuning a building block?
- A . Increasing the performance of the ecs-ec-ingress service
- B . Reducing the number of false positives
- C . Properly documenting the building block for future administrators
- D . Reducing EPS usage
What is the primary method used by QRadar to alert users to problems?
- A . System Notifications
- B . System Summary
- C . Use Case Manager
- D . QRadar Assistant