IBM C1000-163 Real Exam Questions
The questions for C1000-163 were last updated on Dec 01, 2024.
- Exam Code: C1000-163
- Exam Name: IBM Security QRadar SIEM V7.5 Deployment
- Certification Provider: IBM
- Latest update: Dec 01, 2024
Which component processes unallocated syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate log source type to a new log source?
- A . Discovery analysis
- B . Autodetect traffic
- C . Traffic analysis
- D . DSM discovery analysis
What does it mean when a custom rule is partially matched in QRadar?
- A . The rule is not fully enabled.
- B . The AND NOT operator is set incorrectly in the first test.
- C . All the tests in the rule were fully matched.
- D . Not all the tests in the rule were fully matched.
Which two types of default building blocks do you need to edit to reduce the number of offenses that are generated by high volume traffic servers?
- A . Host Definition
- B . Server Definition
- C . Traffic Definition
- D . Event Definition
- E . Network Definition
Which QRadar log file contains information about the rates of EPS?
- A . /var/log/qradar.old
- B . /var/qradar.log
- C . /var/log/qradar.log
- D . /var/log/eps.log
Which two statements are prerequisites for an upgrade of QRadar? (Choose two.)
- A . Verify that scan runs and reports are complete.
- B . Verify that all changes are deployed on the appliances.
- C . Ensure an admin account is logged on the UI.
- D . Clean up all the Offenses before any version upgrade.
- E . Ensure that the ISO file is copied to all the appliances.
Which script can determine which QRadar process is consuming the most resources?
- A . /opt/ibm/si/diagnostiq
- B . /opt/qradar/support/threadTop.sh
- C . /opt/qradar/bin/threadTop.sh
- D . /opt/qradar/conf/threadTop.sh
How are Events that are associated with an offense listed?
- A . Offense Summary window > click Display > Destination IPs
- B . Offense Summary window > click Source IPs
- C . Offense Summary window > click Events from Event/Flow count column
- D . Offense Summary window > Destination IPs
Where can one share, find available apps, discover what they are used for, discover what they look like, and learn what other users say about apps?
- A . IBM App Share
- B . Extensions Management
- C . IBM Passport Advantage
- D . IBM Security App Exchange
Which are the time criteria in AQL queries?
- A . START, BETWEEN, LAST, NOW, PARSEDATETIME
- B . START, STOP, BETWEEN, LAST
- C . START, STOP, LAST, NOW, PARSEDATETIME
- D . START, STOP, BETWEEN, FIRST
Which two options does a QRadar analyst need to configure in the False Positive window of the QRadar Console to mark an event or flow as False Positive?
- A . Event or flow property and username
- B . Asset and traffic direction
- C . Event or flow property and traffic direction
- D . Event or flow property and port number