IBM C1000-156 Exam Actual Questions

The questions for C1000-156 were last updated on Nov. 1, 2024.

Viewing page 1 out of 28 pages.
Viewing questions 1-4 out of 109 questions

Topic 1 - Exam A

Question #1 Topic 1

You want to use a quick filter search to look for certain elements:
10.100.100.*

BlueCoat -

TCP_REFRESH_MIS -
Which string provides the correct results?

A. (10.100.100.* Bluecoat TCP_REFRESH_MIS)
B. 10.100.100.*%Bluecoat%TCP_REFRESH_MIS
C. (10.100. 100.* AND Bluecoat AND TCP_REFRESH_MIS)
D. "10.100.100.*%AND%Bluecoat%AND%TCP_REFRESH_MIS"

Reveal Solution Discussion

Correct Answer: C 🗳️

Question #2 Topic 1

A QRadar administrator is trying to tune a rule so that it cannot send an email more than 10 times in a 24-hour period.
Which method can be used to accomplish this goal?

A. Using the "response limiter”
B. Using a special rule test that limits the number of rule triggers
C. Tuning the rule conditions to make it trigger fewer times
D. Using the “execute custom action" rule response

Reveal Solution Discussion

Correct Answer: A 🗳️

Question #3 Topic 1

Which command does an administrator run in QRadar to get a list of installed applications and their App-ID values output to the screen?

A. /opt/qradar/support/recon connect 1005
B. opt/qradar/support/deployment_info.sh
C. /opt/qradar/support/recon ps
D. /opt/qradar/support/threadTop.sh

Reveal Solution Discussion 1

Correct Answer: B 🗳️

Question #4 Topic 1

When will events or flows stop contributing to an offense?

A. When the offense becomes inactive
B. After the offense is assigned to an analyst
C. When the offense becomes dormant
D. When you protect the offense

Reveal Solution Discussion

Correct Answer: A 🗳️