Number of questions: 60
Number of questions to pass: 37
Time allowed: 120.0 mins
Status: Live
The test consists of 7 sections containing a total of approximately 60
multiple-choice questions. The percentages after each section title reflect the
approximate distribution of the total question set across the sections.
This test is available at a 50% discount from July to September 2019. To receive
the discount, register for and take the test with promotion code HUCSECURE from
July to September 2019.
Section 1: Deployment objectives and Use cases 10%
Demonstrate deployment benefits, including the additional components such as
App host, QRadar Risk Manager (QRM), QRadar Vulnerability Manager (QVM), QRadar
Network Insights (QNI), QRadar Incident Forensics (QIF).
Design a deployment to meet a set of security business objectives.
Model and design the information required by Rules and Building Blocks.
Section 2: Architecture and Sizing 23%
Determine types of log and flow data and suitability for security
monitoring, data storage, or neither.
Generate an architecture based on design objectives (i.e., events per second
(EPS), flows per minute (FPM), data retention).
Determine how log source locations and information gathering mechanisms can
affect QRadar component architecture (e.g. network considerations).
Differentiate between QRadar components (e.g., Console, Event Processor (EP),
Event Collector (EC), Flow Collector (FC), Flow Processor (FP), Data Node (DN),
App Host).
Create expansion plans for growth (e.g., All-in-One (AIO) to Distributed, EP to
EP and EC, EP to EP and DN).
Choose appliance models that fit the sizing requirements.
Illustrate the equivalent VM specifications for appliances.
Determine the suitablility of high availability (HA) for a given set of
requirements.
Choose adequate licenses that allow for ingestion of events and flows to meet
the expected loads (including tolerance/buffering of occasional spikes).
Implement domain and tenant management for shared environments.
Section 3: Installation and Configuration 20%
Create a deployment plan: identify software, storage, networking, and
appliances, and develop naming conventions, and high availability (HA)
configuration settings.
Install and configure various QRadar appliances according to architecture.
Implement initial QRadar configuration such as proxy, auto update, mail,
retention policies, and back-ups.
Perform license management.
Implement and configure HA (i.e., add managed hosts to a deployment, create HA
pairs by combining individual managed hosts).
Implement authentication and authorization methods (i.e., LDAP, SSO).
Perform content extension installation (e.g., apps from the IBM X-Force
Exchange).
Implement external storage options.
Section 4: Event and flow integration 15%
Plan overall log source integration approach.
Perform supported log source integration.
Integrate unsupported log sources and show how to use the DSM Editor to create
custom log sources.
Plan and perform flow integration.
Contrast flow data formats supported by QRadar.
Analyze Windows Event Collection options (e.g., WinCollect, Snare, MSRPC,
SMBTail, Windows Event Forwarding).
Section 5: Environment and threat data integration 13%
Explain how an integration of a threat feed is done using an app.
Enable and configure the Xforce threat data feed.
Integrate deployment with third party solutions (e.g., Custom Action Scripts,
REST-API access, SNMP Traps, Forwarded data).
Integrate external vulnerability scanners.
Compare Reference Data types and capabilities.
Determine how the asset profiles database will be populated (i.e. log sources
which provide identity data, flows and VA scanners).
Section 6: System Performance and Offense Tuning 8%
Determine performance issues based on QRadar warnings, logs and
notifications.
Detect tuning opportunities for common information (e.g. network hierarchy,
reference data, and expensive rule.)
Execute Server Discovery to populate host definitions building blocks.
Create performance and tuning reports.
Section 7: Troubleshooting 10%
Demonstrate how to monitor and investigate network and log activity search
issues (e.g. filtering, searching, grouping and sorting, saving searches and
creating reports, creating dashboard widgets from searches, viewing audit logs,
indexed fields and quick filter, etc.).
Diagnose asset management and server discovery problems (e.g. vulnerabilities,
filtering, searching, grouping, sorting, saving searches on assets, importing,
exporting, populating asset databases, etc.).
Diagnose system notifications regarding performance problems or system failures
(e.g. dropping events, HA System Failed, I/O error, how to get logs for support
tickets, license restrictions, etc.).
Overview
PartnerWorld Code: C0003804
Replaces PW Code: 55000303
Status: Live
This intermediate level certification is intended for deployment
professionals who are responsible for the planning, installation, configuration,
performance optimization, tuning, troubleshooting, and system administration of
an IBM QRadar SIEM V7.3.2 deployment. These professionals can complete these
tasks with little to no assistance from documentation, peers or support.
Note: The function of specific apps, apart from the two bundled with the
product, is out of scope, but the concept of extending the capability of using
apps is in scope.
Recommended Prerequisite Skills
TCP/IP networking
Unix command line knowledge
Basic security tecnologies
Regex
Enterprise logging
Network monitoring using flows
Understand the role and activities of an analyst and administrator for QRadar
Requirements
This certification requires 1 exam
Exam Required:
Click on the link below to see exam details, exam objectives, suggested training
and sample tests.
C1000-055 – IBM QRadar SIEM V7.3.2 Deployment
Click here
to view complete Q&A of C1000-055 exam
Certkingdom Review,
Certkingdom PDF Torrents
Best IBM C1000-055 Certification, IBM C1000-055 Training at certkingdom.com