C1000-156 Exam Questions
70 real C1000-156 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which two (2) pieces of information from the MaxMind account must be included in QRadar for geographic data updates?
- Question #2
To detect outliers, which Anomaly Detection Engine rule tests events or flows for volume changes that occur in regular patterns?
- Question #3
What is the default day and time setting for when QRadar generates weekly reports?
- Question #4
When creating an identity exclusion search, what time range do you select?
- Question #5
A QRadar administrator needs to quickly check the disk space for all managed hosts. Which command does the administrator use?
- Question #6
Which two (2) open standards does the QRadar Threat Intelligence app use for feeds?
- Question #7
Which event advanced search query will check an IP address against the Spam X-Force category with a confidence greater than 3?
- Question #8
When will events or flows stop contributing to an offense?
- Question #9
What is the main reason for tuning a building block?
- Question #10
What is the primary method used by QRadar to alert users to problems?
- Question #11
What occurs when QRadar reaches the events per second (EPS) or flows per minute (FPM) shared license pool limits?
- Question #12
Which three (3) resource restriction types are available in QRadar?
- Question #13
How can you configure a log source to provide events to different domains?
- Question #14
An administrator receives a file with all the vital assets in the company and wants to import this file into QRadar. How must this import file be formatted?
- Question #15
When do you consider reconfiguring your QRadar environment to a distributed deployment?
- Question #16
What is the REST API interface to install and manage applications that are created by using the GUI Application Framework Software Development Kit?
- Question #17
A user reports that some data points are missing from a generated report. The logs show these notifications, which are determined to be the root cause of the problem: The accumulat...
- Question #18
You want to use a quick filter search to look for certain elements: 10.100.100.*, BlueCoat, and TCP_REFRESH_MIS. Which string provides the correct results?
- Question #19
Which command in QRadar allows you to run a specific command inside of a specific container, when given an app ID, or a combination of workload, service, and container?
- Question #20
When adjusting a custom email template, which two elements do you edit to include the customizations?
- Question #21
An administrator wants to export a list of events to a CSV file. Which items are in the default columns of the search result?
- Question #22
An administrator would like to optimize event and flow payload searches for log data that is stored for up to a month. What does an administrator need to do to achieve that require...
- Question #23
From which site can you download software updates for QRadar?
- Question #24
A QRadar administrator needs to upgrade the system to patch a vulnerability. In what order does the administrator upgrade the managed hosts?
- Question #25
A QRadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period. Which method can be used to accomplish this goal?
- Question #26
A QRadar administrator creates a new saved search in QRadar and wants to add the search to a dashboard, but the option "Include in my Dashboard" cannot be selected. What is a possi...
- Question #27
What are some of the supported custom property expression types in QRadar?
- Question #28
An administrator opens the Offenses section and goes to Rules to edit the system notification rule. What is the rule name for system notifications?
- Question #29
In a single domain QRadar deployment, which IP addresses are considered local?
- Question #30
Which is the default port for the first NetFlow flow source that is configured in QRadar?
- Question #31
Which user role is defined by default in QRadar?
- Question #32
You analyzed network flows and decided that you want to track any network bandwidth violations by any application that comes from your network source. You want to report on all app...
- Question #33
An administrator is evaluating domain criteria based on an event. The result of a regular expression that was defined in a custom property does not match a domain mapping, and the...
- Question #34
What is the most restrictive permissions a user needs in order to see all of the events from a particular log source in the Log Activity tab?
- Question #35
What is the Advanced Search field used for?
- Question #36
What parameter contributes to the magnitude score of an offense?
- Question #37
Which command can a QRadar administrator use to connect to the QRadar app container?
- Question #40
Before configuring a WinCollect log source, which two ports does a QRadar administrator ensure are open?
- Question #41
On which managed hosts is QRadar event data stored in the Ariel database?
- Question #42
You are using the command line interface (CLI) and need to fix a storage issue. What command do you use to verify disk usage levels?
- Question #43
How can an administrator configure a rule response to add event data to a reference set?
- Question #44
Domain assignments take precedence over the settings of which other elements from a security profile?
- Question #45
An administrator is reviewing the system notifications and discovers this error: Insufficient disk space to complete data export request. The Export Directory property in the Syste...
- Question #46
Which two (2) data sources can be assigned to a domain in the Domain Management function?
- Question #47
Which field is mandatory when you use the DSM Editor to map an event to a QID?
- Question #48
When restoring backups of your apps in a QRadar environment, what information is restored?
- Question #49
How many vulnerability processors can you have in your deployment?
- Question #50
The Report wizard provides a step-by-step guide to design, schedule, and generate reports. Which three (3) key elements does the report wizard use to help you create a report?
- Question #51
Which is a valid statement about the process of restoring a backup archive?
- Question #52
Which is a valid routing rule combination?