C1000-055 IBM QRadar SIEM V7.3.2 Deployment

Number of questions: 60
Number of questions to pass: 37
Time allowed: 120.0 mins
Status: Live

The test consists of 7 sections containing a total of approximately 60 multiple-choice questions. The percentages after each section title reflect the approximate distribution of the total question set across the sections.

This test is available at a 50% discount from July to September 2019. To receive the discount, register for and take the test with promotion code HUCSECURE from July to September 2019.

Section 1: Deployment objectives and Use cases 10%
Demonstrate deployment benefits, including the additional components such as App host, QRadar Risk Manager (QRM), QRadar Vulnerability Manager (QVM), QRadar Network Insights (QNI), QRadar Incident Forensics (QIF).
Design a deployment to meet a set of security business objectives.
Model and design the information required by Rules and Building Blocks.

Section 2: Architecture and Sizing 23%
Determine types of log and flow data and suitability for security monitoring, data storage, or neither.
Generate an architecture based on design objectives (i.e., events per second (EPS), flows per minute (FPM), data retention).
Determine how log source locations and information gathering mechanisms can affect QRadar component architecture (e.g. network considerations).
Differentiate between QRadar components (e.g., Console, Event Processor (EP), Event Collector (EC), Flow Collector (FC), Flow Processor (FP), Data Node (DN), App Host).
Create expansion plans for growth (e.g., All-in-One (AIO) to Distributed, EP to EP and EC, EP to EP and DN).
Choose appliance models that fit the sizing requirements.
Illustrate the equivalent VM specifications for appliances.
Determine the suitability of high availability (HA) for a given set of requirements.
Choose adequate licenses that allow for ingestion of events and flows to meet the expected loads (including tolerance/buffering of occasional spikes).
Implement domain and tenant management for shared environments.

Section 3: Installation and Configuration 20%
Create a deployment plan: identify software, storage, networking, and appliances, and develop naming conventions and high availability (HA) configuration settings.
Install and configure various QRadar appliances according to architecture.
Implement initial QRadar configuration such as proxy, auto update, mail, retention policies, and back-ups.
Perform license management.
Implement and configure HA (i.e., add managed hosts to a deployment, create HA pairs by combining individual managed hosts).
Implement authentication and authorization methods (i.e., LDAP, SSO).
Perform content extension installation (e.g., apps from the IBM X-Force Exchange).
Implement external storage options.

Section 4: Event and flow integration 15%
Plan overall log source integration approach.
Perform supported log source integration.
Integrate unsupported log sources and show how to use the DSM Editor to create custom log sources.
Plan and perform flow integration.
Contrast flow data formats supported by QRadar.
Analyze Windows Event Collection options (e.g., WinCollect, Snare, MSRPC, SMBTail, Windows Event Forwarding).

Section 5: Environment and threat data integration 13%
Explain how an integration of a threat feed is done using an app.
Enable and configure the X-Force threat data feed.
Integrate deployment with third party solutions (e.g., Custom Action Scripts, REST-API access, SNMP Traps, Forwarded data).
Integrate external vulnerability scanners.
Compare Reference Data types and capabilities.
Determine how the asset profiles database will be populated (i.e., log sources that provide identity data, flows, and VA scanners).

Section 6: System Performance and Offense Tuning 8%
Determine performance issues based on QRadar warnings, logs and notifications.
Detect tuning opportunities for common information (e.g., network hierarchy, reference data, and expensive rules).
Execute Server Discovery to populate host definitions building blocks.
Create performance and tuning reports.

Section 7: Troubleshooting 10%
Demonstrate how to monitor and investigate network and log activity search issues (e.g., filtering, searching, grouping and sorting, saving searches and creating reports, creating dashboard widgets from searches, viewing audit logs, indexed fields and quick filter, etc.).
Diagnose asset management and server discovery problems (e.g., vulnerabilities, filtering, searching, grouping, sorting, saving searches on assets, importing, exporting, populating asset databases, etc.).
Diagnose system notifications regarding performance problems or system failures (e.g. dropping events, HA System Failed, I/O error, how to get logs for support tickets, license restrictions, etc.).

Overview
PartnerWorld Code: C0003804
Replaces PW Code: 55000303

Status: Live
This intermediate level certification is intended for deployment professionals who are responsible for the planning, installation, configuration, performance optimization, tuning, troubleshooting, and system administration of an IBM QRadar SIEM V7.3.2 deployment. These professionals can complete these tasks with little to no assistance from documentation, peers or support.

Note: The function of specific apps, apart from the two bundled with the product, is out of scope, but the concept of extending QRadar's capabilities by using apps is in scope.
Recommended Prerequisite Skills

TCP/IP networking
Unix command line knowledge
Basic security technologies
Regex
Enterprise logging
Network monitoring using flows
Understanding of the role and activities of a QRadar analyst and administrator
Requirements

This certification requires 1 exam

Exam Required:
Click on the link below to see exam details, exam objectives, suggested training and sample tests.

C1000-055 – IBM QRadar SIEM V7.3.2 Deployment
