References:
.ibm.com/support/docview.wss?uid=swg21679314#create
QUESTION: 59
A Deployment Professional is alerted that flows between two assets within a local
network are communicating at a higher rate than normal between midnight and 2 a.m.
The Deployment Professional is asked to determine why this is occurring and decides to
create an alert that will send a notification when the communication happens again.
Which action could be used?
A. Run an AQL query
B. Perform Quick search
C. Perform Custom search
D. Create rule to test for events/flows
Answer:
D

Explanation:
IBM Security QRadar includes rules that detect a wide range of activities, including
excessive firewall denies, multiple failed login attempts, and potential botnet activity.
You can also create your own rules to detect unusual activity.
QUESTION: 60
A customer with IBM Security QRadar SIEM V7.2.7 is using Active Directory to
authenticate users. After a crash, the authentication servers are down and some users
tried to log in before the authentication servers came back up. What will happen to these
users?
A. Local users are able to log in with their local password.
B. Active Directory users are able to log in with their password.
C. Administrative and non-administrative users are unable to log in with their password
until authentication servers come back online.
D. Logging on is restricted to administrative users and non-administrative users will need to
wait until the authentication server comes back online.
Answer:
D
Explanation:
QRadar provides authentication options for both local and external authentication
methods, such as Active Directory or LDAP.
The QRadar Administrative roles have both the external and local authentication
methods available in case the external authentication method fails. If the remote
authentication fails, the Administrative users can log in using the local password.
References:
.ibm.com/support/docview.wss?uid=swg21959344

