IBM 000-N24000-N24 : IBM QRadar Technical Sales Mastery Test v1

10 Q&A

Version 3.0

http://www.prep2pass.com/000-n24.htm

Leading the way in IT testing and certification tools, www.Prep2Pass.com Demo

- 2 -

Important Note, Please Read Carefully

Other prep2pass productsA) Offline Testing engineUse the offline Testing engine product topractice the questions in an exam environment.

Build a foundation of knowledge which will be useful also after passing the exam.

Latest VersionWe are constantly reviewing our products. New material is added and old material isrevised. Free updates are available for 90 days after the purchase. You should check yourmember zone at prep2pass and update 3-4 days before the scheduled exam date.

Here is the procedure to get the latest version:

1.Go towww.prep2pass.com2.Click on Log in3.The latest versions of all purchased products are downloadable from here. Just click thelinks.For most updates,it is enough just to print the new questions at the end of the newversion, not the whole document.

FeedbackIf you spot a possible improvement then please let us know. We always interested inimproving product quality.Feedback should be send to feedback@prep2pass.com. You should include thefollowing: Exam number, version, page number, question number, and your login Email.

Our experts will answer your mail promptly.

CopyrightEach iPAD file is a green exe file. if we find out that a particular iPAD Viewer file isbeing distributed by you, prep2pass reserves the right to take legal action against youaccording to the International Copyright Laws.

ExplanationsThis product does not include explanations at the moment. If you are interested inproviding explanations for this exam, please contact feedback@prep2pass.com.

Leading the way in IT testing and certification tools, www.Prep2Pass.com Demo

- 3 -

www.prep2pass.com Q: 1 Write a regular expression that extracts only theusername from the string:Username=miths

A. \ smith)\

B. Ame= .*?)\

C. =\ .*?)

D. ame\=\ .*?)\

Answer: D

www.prep2pass.com Q: 2 Which method can be used to deliver log data toQRadar?

A. Syslog

B. Opsec/LEA

C. TFTP

D. Both A and B are correct

Answer: D

www.prep2pass.com Q: 3 Write a regular expression that extracts only theusername from the string:ser ID: smiths

Leading the way in IT testing and certification tools, www.Prep2Pass.com Demo

- 4 -

A. rID\:\s(.*?)\s

B. Use\:\s(.*?)\s

C. rID\:(\d+)\s

D. serid\:(.*?)\

Answer: A

www.prep2pass.com Q: 4 What characteristic distinguishes QRadar from otherSIM/SIEM solutions?

A. QRadar is the only solution that works in a heterogeneous environment.

B. QRadar has the best correlation engine.

C. QRadar supports many more devices.

D. QRadar is the only SIM/SIEM solution that natively processes flows.

Answer: D

www.prep2pass.com Q: 5 How do you add a new (supported) DSM to the system?

A. Download the rpm to the console and use the rpm command to add it.

B. You cannot add new DSMs to the system.

C. Configure autoupdate on the admin tab and manually add the DSM using the rpmcommand on the console.

D. Both A and C are correct.

Leading the way in IT testing and certification tools, www.Prep2Pass.com Demo

- 5 -

Answer: D

www.prep2pass.com Q: 6 The only way QRadar can get asset information is byimporting it from active scanners?

A. True

B. False

Answer: B

www.prep2pass.com Q: 7 What are the two backup options available in Q1 Radar?

A. Config and log data

B. Config and screenshot

C. Data and audit log

D. Data and system log

Answer: A

www.prep2pass.com Q: 8 QRadar can accept data input from:

A. Event Log Sources

B. Flows from network devices

C. Vulnerability assessment tools

Leading the way in IT testing and certification tools, www.Prep2Pass.com Demo

- 6 -

D. All of the above

Answer: D

www.prep2pass.com Q: 9 Demonstrate the solution that most directly impacts thecustomer challenge.Demonstrate the solution that most directly impacts thecustomer challenge. A medium sized business client has approximately 5,000 eventsper second (EPS) and less than 25,000 netflows per minute. They require a singleappliance that can be upgraded to a distributed deployment at a future date. Whathardware appliance best demonstrates these features?

A. QRadar 3100 licensed to accommodate 5000 EPS

B. QRadar 3100

C. QRadar 2100 licensed to accommodate 5000 EPS

D. QRadar 2000

Answer: A

www.prep2pass.com Q: 10 What two files might you look at to debug connectionissues?

A. /etc/passwd and /etc/group

B. /system/core and /usr/bin/qradar

C. /var/log/qradar.log and /var/log/qradar.error

D. /var/log/3100.error and /var/log/out.log

Answer: C