References: .ibm.com/support/docview.wss?uid=swg21679314#create

QUESTION: 59
A Deployment Professional is alerted that flows between two assets within a local network are communicating at a higher rate than normal between midnight and 2 a.m. The Deployment Professional is asked to determine why this is occurring and decides to create an alert that will send a notification when the communication happens again. Which action could be used?
A. Run an AQL query
B. Perform Quick search
C. Perform Custom search
D. Create rule to test for events/flows
Answer: D
Explanation: IBM Security QRadar includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. You can also create your own rules to detect unusual activity.

QUESTION: 60
A customer with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up. What will happen to these users?
A. Local users are able to log in with their local password.
B. Active Directory users are able to log in with their password.
C. Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.
D. Logging on is restricted to administrative users and non-administrative users will need to wait until the authentication server comes back online.
Answer: D
Explanation: QRadar provides authentication options for both local and external authentication methods, such as Active Directory or LDAP. The QRadar Administrative roles have both the external and local authentication methods available in case the external authentication method fails. If the remote authentication fails, the Administrative users can log in using the local password.
References: .ibm.com/support/docview.wss?uid=swg21959344