
Note: The C1000-055 exam is now retired.

C1000-055 Exam Dumps - IBM QRadar SIEM V7.3.2 Deployment

Question # 4

QRadar is configured to periodically update an IP address list from a 3rd party threat intelligence provider using the Threat Intelligence app. The IP address data is used in a CRE rule to create an offense in case a connection attempt toward any IP address on the list is seen.

Which QRadar component stores the collected IP address data?

A. Building Block

B. X-Force Threat Feed

C. Reference Set

D. Custom Rule

Question # 5

A deployment professional decides to improve visibility in the network and successfully installs the Flow Collector.

What should the deployment professional connect the Flow Collector to?

A. WAN port

B. SPAN port

C. LAN port

D. SAN port

Question # 6

A deployment professional is asked to create QRadar deployment architecture for a company.

The company has three branch offices with WAN connection between them. The head office data center requires 14000 EPS and 200000 FPM. Each branch requires 4000 EPS and 200000 FPM.

Which deployment solution will meet the minimum requirements?

A. QRadar 3105 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office

B. QRadar 3129 (Console) in head office + QRadar 1805 Event and Flow Processor in each branch office

C. QRadar 3105 (Console) and QRadar Event and Flow Processor 1829 in head office + QRadar 1805 Event and Flow Processor in each branch office

D. QRadar 3129 (All-in-One) in head office

Question # 7

A deployment professional needs to clear out the Asset Database in IBM QRadar. Which service on the Console is restarted when the cleanAssetModel.sh script is executed?

A. PostgressDB

B. Hostcontext

C. Hostservices

D. Tomcat

Question # 8

An application developer is working on a reporting tool that fetches and visualizes data from multiple data sources. The deployment professional is asked to explain how to make authenticated requests on QRadar using its REST API interface.

Which authentication method is supported by QRadar's REST API?

A. Authorization token in an HTTP header

B. Authorization token in an LTPA token

C. Authorization token in an HTTP query string

D. Authorization token in a JWT token

Question # 9

A QRadar customer has a custom log source. The deployment professional has already created a custom DSM for the log source and all incoming events are correctly parsed and mapped to a QID. Now, in addition to the currently parsed properties, the customer requires that the information about the last logged in user is recorded in the asset database.

How can the deployment professional fulfill the requirement?

A. Use the DSM editor to ensure that the Identity Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor enable identity data for the login success event type.

B. Use the DSM editor to ensure that the Username property is correctly parsed. Create an expression for any available identity property and ensure it is correctly parsed. Also, in the DSM editor, enable the identity data for the login success event type.

C. Use the DSM editor to create an expression for the Username property so it is correctly parsed. Create an expression for any available identity property and make sure it is correctly parsed. It is automatically applied to all events with low level category "User login success".

D. Use the DSM editor to create an expression for the Identity Username property and make sure it parses correctly. It is automatically applied to all events with low level category "User login success".
