Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

C1000-140 by Ibm - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

What must be created before the Use Case Manager app can be used?

A Authorized Service Token
B Security Profile
C Custom DSM
D User roles

Question 4

Which log file helps in QRadar troubleshooting?

A aql.log
B ariel-query.log
C sim-audit.log
D qradar.error

Question 5

An authentication token is generated on the QRadar Console for WinCollect agent installation.
What kind of WinCollect agent needs an authentication token?

A Managed WinCollect agent
B Stand-alone WinCollect agent
C Independent WinCollect agent
D Dependent WinCollect agent

Question 6

Which of these items forwards data to a QRadar Packet Capture appliance?

A QRadar Event Collector 1501
B QRadar SIEM All-in-One 3199
C QRadar Network Insights Core appliance 1910
D QRadar Flow Collector 1310

Question 7

Where does QRadar display R2R events?

A The Network Activity tab
B The Remote Services window
C The Tuning interface in the Use Case Manager app
D The Testing interface in the Log Source Manager app

Question 8

Consider this scenario and instruction.
Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server that you want to ignore as a source, edit the “and when the source IP is one of the following” test to include the IP addresses of the following scanners.

VA Scanners -

Authorized Scanners -
What type of editable building block is described?

A BB:HostDefinition: Authorized ScannersSource IP
B BB:HostDefinition: VA Scanner Source IP
C BB:NetworkDefinition: Server Networks
D BB:HostDefinition: Proxy Servers

Question 9

Which of these views is provided by the DSM Editor?

A Event Mappings tab, Flow tab, Protocols
B Workspace, Event Mappings tab, Configuration tab
C Dashboard, Event properties, Configuration tab
D Workspace, Flow tab, Event properties

Question 10

Which statement about the Extensions Management tool in QRadar is true?

A The Extensions Management tool can be used to add a log source.
B The Extensions Management tool cannot be used to export content out of QRadar.
C QRadar can be updated by using the Extensions Management tool.
D CSV extensions can be imported into QRadar.

Question 11

A QRadar deployment professional wants to integrate a dynamic data set like asset information so that QRadar can use the latest information in the new data set to correlate the rules and alerts.
How can the deployment professional achieve this?

A Use the QRadar Search to search each item in the list of imported data set.
B Import the dynamic data in the reference set and use these reference sets in rules and building blocks.
C Use the Threat Intelligence app.
D Use the UCM app.

Question 12

A QRadar deployment professional is asked to migrate the configuration of a system from Log Manager to QRadar SIEM.
How should the custom rules, saved searches, and reports be migrated?

A Use the QRadar config backup and restore process to transfer all configurations.
B Use the content management tool (CMT) to transfer the security configuration.
C The only option is to use the GUI to manually recreate any required content.
D Use rsync to transfer the contents of the /store partition to the new system.

Question 13

A QRadar deployment professional needs to transfer the configuration of a distributed environment (one Console and one EP, not using HA) onto an All-in-One (AIO) system to run some forensics against data that will be added later.
What approach should the deployment professional suggest for building the new AIO?

A Use rsync to transfer the contents of the /store partition to the new system.
B The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI.
C Because the destination environment does not have the same number of appliances, the only option is to use the content management tool (CMT) to transfer the security configuration.
D The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed only by use of back-end PSQL commands.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 61

1 2 3

→

Know a question that should be here? Contribute to this exam

Where is a QRadar license obtained?

A X-Force Exchange/license app
B IBM Sales Representative
C QRadar Console
D IBMcom/qradar/licenses

What must be done on all managed hosts after the restoration of a config backup on a new console?

A Restart the hostcontext service
B Re-add all managed hosts
C Restart the docker service
D Delete all users