C1000-163 Exam Questions
181 real C1000-163 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
What are unknown events?
- Question #2
What does it mean when a custom rule is partially matched in QRadar?
- Question #3
Which QRadar log file contains information about the rates of EPS?
- Question #4
For a Source IP based offense, which field helps determine relative importance of the targets to the business?
- Question #5
Which of the following is used to process flows in QRadar?
- Question #6
A deployment professional needs to migrate test rules developed in a test QRadar deployment to a production QRadar deployment. Which approach can be used to migrate the rules?
- Question #7
An analyst reviewed an active offense that involved many attackers, generating many events in the same category, targeting many systems. Upon further analysis, the analyst determined th...
- Question #8
Where can a deployment professional find updates to DSMs?
- Question #9
What must a deployment professional select when defining a new flow source?
- Question #10
Several counts of the system notification message 38750088 - Performance degradation that were detected in the Event pipeline showed in a report. In this case, what does the Event...
- Question #11
What is the correct order to stop QRadar Services?
- Question #12
On a QRadar appliance, you might see a warning that you cannot connect to port 32006. Which command will you use to determine port information?
- Question #13
Which regex statement extracts the DNS host from the cs-host value from the payload?
- Question #14
This partial Network diagram was provided to a QRadar deployment professional who is trying to determine if the deployment requires the definition of multiple domains. How many dom...
- Question #15
Which two options does a QRadar analyst need to configure in the False Positive window of the QRadar Console to mark an event or flow as False Positive?
- Question #16
A QRadar deployment professional is asked to migrate the configuration of a system from Log Manager to QRadar SIEM. How should the custom rules, saved searches, and reports be migr...
- Question #17
Which two statements are prerequisites for an upgrade of QRadar? (Choose two.)
- Question #18
A QRadar deployment professional has been asked to merge two QRadar deployments (AIO_A and AIO_B) into one new environment (AIO_C). Each environment consists of an All-in-One appli...
- Question #19
In a multitenant environment, what is prevented by assigning log sources to a specific domain?
- Question #20
Which two of these authentication types are valid for RADIUS authentication? (Choose two.)
- Question #21
What happens to events and flows when data bursts exceed the license?
- Question #22
While reviewing apps in QRadar Assistant, an analyst wants to view the apps that work properly. What sort option should the analyst choose?
- Question #23
To increase the amount of storage for IBM Security QRadar, data is moved to an offboard storage device. Which method for adding external storage must be used for /store/ariel?
- Question #24
Which item can be used in the configuration of a domain in QRadar?
- Question #25
Where does QRadar display R2R events?
- Question #26
Which tool can be used to check the connections to all managed hosts and verify the versions of ECS and ECS-Ingress services after an upgrade?
- Question #27
A QRadar user wants to edit a building block to include geographic locations that they want to prevent from accessing their network. The user will edit the "and when the source is...
- Question #28
Which are stored events?
- Question #29
There are 10 retention buckets in QRadar SIEM. The default is placed in the last line with a retention policy of 30 days. Action is set to delete the data immediately after retention...
- Question #30
Which data is processed by the IBM Security QRadar Network Threat Analytics app?
- Question #31
Which command can be used to check the amount of available physical and swap memory?
- Question #32
One data gateway appliance can collect up to ____ number of EPS.
- Question #33
Which of these is a benefit of the QRadar Assistant Guide Center?
- Question #34
What is an approach to tuning a "noisy" rule, that is, a rule that generates too many offenses?
- Question #35
The ____________ command removes a directory and all files in it.
- Question #36
The Server Discovery process updates building blocks based on which of these?
- Question #37
After a successful upgrade, which two actions does a deployment professional perform to complete the installation?
- Question #38
Which of these procedures duplicates a report from the Reports tab?
- Question #39
A security analyst uses Use Case Manager > Active Rules and detects which TOP rule-generating offenses are triggered due to inbound traffic that is dropped by the firewall. The co...
- Question #40
What are the types of reference data collections in QRadar?
- Question #41
Which component processes unallocated syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate log source type to a new log source?
- Question #42
What does QRadar attempt to do when the system generates "Accumulator is falling behind" warnings?
- Question #43
What information is provided by using the Sharing MITRE-mapping files in Use Case Manager?
- Question #44
What demarcation is added to a custom event property to let you know that this value is held in memory for a set amount of time?
- Question #45
Which statement about the Extensions Management tool in QRadar is true?
- Question #46
An administrator needs to add, delete and modify user accounts. When deleting a user, what dependency checks are carried out?
- Question #47
Which app can be used to find the state (active, standby, offline, or unknown) of each appliance, the number of notifications for each host, the host name and appliance type, disk...
- Question #48
Which port is used by appliances that provide syslog events to send event data to QRadar components?
- Question #49
Which port is used for bidirectional traffic between WinCollect agent and QRadar Console?
- Question #50
What must be created before the Use Case Manager app can be used?