- Describe the IBM Security QRadar V7.2 architecture and components.
- Planning the deployment of the IBM Security QRadar V7.2 implementation.
- Implement an IBM Security QRadar V7.2 solution based on customer requirements and environment based on a solution design.
- Use available interfaces to configure and administer the IBM Security QRadar V7.2 environment.
- Perform performance tuning and problem determination for IBM Security QRadar V7.2.
- Planning (17%)
- Comprehension: Describe the different QRadar components that make up a distributed deployment - hardware or virtual machine, flow collector, event processor, etc.
- Application: Determine the sizing of the overall installation - Scenario. how many devices are needed for the environment, how many events per second, how many flows per interval, geographical locations
- Comprehension: Plan a high availability installation - determine which hosts to HA
- Comprehension: Plan the network hierarchy - identify the networks and CIDRs
- Comprehension: Plan log sources - Plan which log sources to receive logs from
- Comprehension: Plan for receiving flows - taps, port mirrors / SPAN ports, NetFlow
- Installation (16%)
- Application: Install software and initial configuration - Scenario. ISO, DVD, USB, recovering an appliance from a USB storage device, set up IP addresses
- Comprehension: Use a deployment editor to add a managed host - Set up encryption, configure off-site source
- Comprehension: Apply licenses - license management
- Application: Set up auto update - Scenario. DSM, protocols up to date, with or without internet connection
- Comprehension: Patch software - latest build of QRadar
- Comprehension: Configure NAT - setting up the public and private IP address of the host
- Comprehension: Configure HA - adding HA cluster to the host
- Configuration (31%)
- Comprehension: Configure the network hierarchy - Determining local network hierarchy
- Comprehension: Configure Authentication methods - using local authentication, Active Directory, LDAP, RADIUS, TACACS
- Application: Configure users - Scenario. security profiles, user roles, users
- Application: Configure external storage - Scenario. external storage, back up
- Comprehension: Configure system settings - initial system settings: administrative e-mail address, e-mail locale, database settings, etc.
- Application: Configure log sources - Scenario. WinCollect, log source extensions, log source groups
- Application: Configure flow sources - Scenario. different types of flow sources, J-Flow, sFlow, NetFlow, Packeteer, Napatech
- Application: Configure scanners - Scenario. configure different types of scanners and schedules
- Application: Configure custom properties - Scenario. event and flow custom properties, REGEX
- Comprehension: Configure back up configuration and data backups
- Application: Configure retention - Scenario. flows and events, routing rules, retention policies
- Application: Configuring reference sets - Scenario. Collect user specific data from the payload
- Application: Configuring event categories - Scenario. Universal DSM, backend scripts
- Performance Tuning and Problem Determination (19%)
- Comprehension: Define host building blocks - server discovery to set up the host definition building blocks
- Application: Manage Rules and building blocks - Scenario. Custom rules, enable or disable rules, tune building blocks, false positives
- Comprehension: Respond to system notification for problem determination - Scenario. system performance, hardware problems, dropped events
- Application: Administer aggregated data management - Scenario. determining issues with report data
- Application: Set up index management - Scenario. determine properties to index
- Administration (17%)
- Comprehension: Set up report schedules - which reports should be run and on what basis
- Application: Investigate offenses - Scenario. navigate through offenses, related events and flows, analyze offenses
- Comprehension: Monitor Network and Log activities - filtering, searching, grouping and sorting, saving searches, creating dashboard widgets from searches, viewing audit logs
- Comprehension: Asset management and server discovery - vulnerabilities, filtering, searching, grouping, sorting, saving searches on assets, importing, exporting