EMT Practice Test

1. Question Content...


Question List

Question1: A deployment professional is working with a client that develops their own in house applications. The customer would like to log events from these applications. Because these applications are hosted on Windows servers inside of the clients DMZ, the client wants to limit the ports on which they will allow access. All logs are written to a flat file named debugJog in the c:\app\logs folder of the host.
Which option is a developed strategy for integrating these logs with QRadar SIEM?

Question2: A deployment professional is notified that event and flow data that are sent to the All-in-One are not processing. However, there is no issue with the existing data.
What should the deployment professional investigate?

Question3: A customer is building a big data solution which aims to perform long term analysis of security data. Security events that are processed by QRadar are also relevant for the system and according to the QRadar administrator the most straightforward option for data ingestion is to configure event forwarding on QRadar.
The customer would like to make use of QRadar's parsing capability and its built-in parsers instead of developing new parsers for the big data platform. A deployment professional is asked for advice about the data format to configure for the event forwarding.
Which available option should the deployment professional propose?

Question4: A deployment professional is about to execute Server Discovery to populate the Host Definition Building Blocks. The deployment professional is working in a monitored environment and does not wish to set off any network scanner alarms.
What step should the deployment professional take to ensure that good results are returned and that no alarms are raised?

Question5: A deployment professional needs to create a SIEM architecture plan. The deployment professional needs to consider applying a set of security policies (or questions) about the client's network and monitor the policies for changes. It is important also to query all network connections, compare device configurations, filter the network topology, and simulate the possible effects of updating device configurations.
Which component can be added to the deployment to meet this security business objective?

Question6: Some customers do not fully understand the benefits of using dedicated appliances to collect events and flows, complaining about the complexity of the deployments.
How should the deployment professional clarify any doubts that may arise?

Question7: A deployment professional has been asked to ensure the system can be integrated with another system which contains lists of IP addresses and CIDR ranges in an automated manner, to allow rules to target specific communication endpoints.
Which part of QRadar is designed to hold and manage this data?

Question8: A deployment professional sees that there are occasional spikes in the EPS (Events per second). The host has
1000 EPS allocated but the occasional spikes go up to 1185 EPS.
What happens with the events when they go over the allocated amount?

Question9: A deployment professional has been asked to ensure that the system has access to information which can be used by rules to acquire information extracted from a user information source such as Active Directory or LDAP.
Which information repository should the deployment professional store this data in?

Question10: The client implemented a QRadar Network Insights (QNI), and is looking to add post-incident investigations and threat hunting activities.
What should the deployment professional recommend?

Question11: A company that is located in the United States wants to expand its existing QRadar deployment to data centers located in Europe. The European branch needs to keep its data in-country and must comply with local data retention regulations.
What can the deployment professional do to comply with local data laws?

Question12: A deployment professional is creating an architecture for a customer who has locations which regularly go out of contact with the rest of the network. The requirement is to receive logs locally and then have a scheduled connection to QRadar to upload the events.
Which QRadar appliances should be deployed in these locations?

Question13: High availability (HA) has been configured for an event processor in a deployment. The end user gets the notification "Disk Usage Exceeded max Threshold" for the /store partition on primary host. The retention settings are "Delete data in this bucket: immediately after the retention period has expired".
What will be the behavior of the primary at this stage?

Question14: A company has a large network with multiple segments. The manufacturing area network and the research and development (R&D) area network are separated from the product area network, and the customer does not want to run scanners through firewalls. A deployment professional has been tasked with proposing a strategy to ensure vulnerability assessment operations cover all company assets.
In addition to a scanner in the production area network, which option should the deployment professional follow?

Question15: A deployment professional configures domain definitions for events in a multi-tenant QRadar environment.
The domain assignments for tenants, flows, VA scanners, reference data, network hierarchy items are already configured.
Which is the order of precedence between the incoming event's attributes when evaluating its domain assignment?

Question16: A deployment professional needs to configure the X-Force Threat Intelligence Feed through a web proxy to access the cloud servers hosting the information.
How should the deployment professional configure the proxy for this access?

Question17: A deployment professional just installed new QRadar deployment which comes with a temporary license key.
How many days does a deployment professional have before the temporarylicensekey expires?

Question18: An application developer is working on a reporting tool that fetches and visualizes data from multiple data sources. The deployment professional is asked to explain how to make authenticated requests on QRadar using its REST API interface.
Which authentication method is supported by QRadar's REST API?

Question19: A deployment professional wishes to implement a QRadar product which provides network topology, active attack paths and high-risk assets risk-score adjustment on assets based on policy compliance.
Which product would the deployment professional deploy to achieve this?

Question20: A deployment professional is asked to create QRadar deployment architecture for a company.
The company has three branch offices with WAN connection between them. The head office data center requires 14000 EPS and 200000 FPM. Each branch requires 4000 EPS and 200000 FPM.
Which deployment solution will meet the minimum requirements?

Question21: A deployment professional needs to include a network inspection device in a banking organization as per the new security guidelines. Real time threat investigation has to be done along with the post-incident analysis. A QRadar Incident Forensics has been included in the design for post-incident forensic analysis.
Which devices should be chosen for the realtime analysis?