Requirements
This certification requires one exam.
Exam C1000-140: IBM Security QRadar SIEM V7.4.3 Deployment
Exam Objectives
During exam development, the Subject Matter Experts (SMEs) define all of the tasks, knowledge and experience that an individual would need in order to successfully fulfill their role with the product or solution. These are represented by the objectives below, and the questions on the exam are based upon these objectives.
Number of questions: 61
Number of questions to pass: 40
Time allowed: 90 minutes
Status: Live
Section 1: Deployment Objectives and Use Cases
Review business needs
Determine QRadar apps and content value
Define QRadar value reporting
Section 2: Architecture and Sizing
Determine scope and size requirements for deployment
Plan for placement of appliances
Determine requirements for data retention
Determine QRadar deployment components
Identify the need for HA and DR
Determine licensing requirements
Windows collection architecture
Section 3: Installation and Configuration
Install QRadar SIEM
Apply and update licensing
Apply QRadar system Certificates
Backup, recovery and data retention
Conduct initial configuration
Configure authentication and access control
Section 4: Event and Flow Integration
Define log sources
Define and configure flow sources
Define custom properties
Install content extensions based on requirements
Identify event parsing requirements
Section 5: Environment and XFE-Integration
Configure Assistant App and use it to manage the apps
Establish X-Force intelligence data integration levels
Configure Use Case Manager
Populate and Use Asset database
Section 6: System Performance and Troubleshooting
Look for R2R events
Monitor system performance
Check SIM audit events and logs
Check and restart Apps as necessary
Identify event drops, events going to storage and unknown events
Section 7: Initial Offences Tuning
Tune noisy offenses and CRE events
Identify expensive rules and properties
Utilize Server Discovery
Update building blocks
Manage and use reference data
Section 8: Migration and Upgrades
Migrate Data
Upgrade prerequisites
Determine content migration strategy
Review App Framework considerations (UBI)
Restoring a backup
Performing system migration
Section 9: Multi-Tenancy Considerations
Define domains and tenants requirements
Configure items which involve Multi-tenancy
Exam Resources
To prepare for the test, first reference the self-study course listed below. It is free-of-charge and covers all the knowledge and skills measured on the test.
Note:
Extensive hands-on product knowledge is required to pass the test.
These learning sources are recommended, but not required before taking this test.
You must be logged in to the Security Learning Academy for the link to the self-study course to work properly. If you see an error message after clicking a link, log in and retry the link.
Every effort has been made to make the recommended learning sources as complete and as accurate as possible, but no warranty of fitness is implied. The learning sources provided are on an ‘as is’ basis. IBM shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from course or publication content.
Online Self-study Course
Click here to access the online course for Test C1000-140, IBM Security QRadar SIEM V7.4.3 Deployment.
QUESTION 1
On a Microsoft Windows 2019 server, a WinCollect agent is installed, which polls events locally. Its profile is set to Maximum EPS and the average EPS is 5000.
What is the minimum RAM requirement for this Windows 2019 server?
A. 8 GB
B. 2 GB
C. 4 GB
D. 6 GB
Answer: A
QUESTION 2
What is the network interface requirement for adding a secondary HA node to the primary HA node?
A. A crossover connection between the primary and secondary host is needed.
B. A crossover connection needs to be configured on all bonded interfaces.
C. All the network interfaces on the primary and secondary host should be bonded.
D. The primary host cannot contain more physical interfaces than the secondary host.
Answer: C
QUESTION 3
Which industry standard security framework is incorporated into the QRadar 7.4.3 environment, which allows the QRadar deployment professional to link rules and building blocks to coverage in the framework?
A. Lockheed Martin Cyber Kill Chain
B. US DoD Diamond Model
C. NIST Cybersecurity Framework
D. MITRE ATT&CK
Answer: A