The event data collected by IBM Security QRadar SIEM V7.2.8 is being deleted after one month. The legal department required the data be kept for two months.
What can the administrator do to accommodate this requirement?
A. Change the nightly backup Priority to “High”.
B. Change the nightly backup to a monthly backup.
C. Change the Default Event Retention Policy property field “Do not delete data in this bucket” to two months.
D. Change the Default Event Retention Policy property field “Keep data placed in this bucket for” to two months.
Correct answer: D
Explanation:
When storage space is required - Select this option if you want events or flows that match the “Keep data placed in this bucket for” parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. When storage is required, only events or flows that match the “Keep data placed in this bucket for” parameter are deleted.
Reference: https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9
Which is an officially supported operating system for IBM Security QRadar SIEM V7.2.8 installations on customer supplied hardware?
A. Ubuntu Linux
B. Windows 2012
C. Fedora Linux
D. Red Hat Enterprise Linux
Correct answer: D
Explanation:
The IBM Security QRadar Application Framework SDK can be installed on Windows, Linux, or OSX operating systems.
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_appframework_devguide.pdf
You can use the Assign Groups option to assign a report to another group:
1. Click the Reports tab.
2. Select the report that you want to assign to a group.
3. From the Actions list box, select Assign Groups.
4. From the Item Groups list, select the check box of the group you want to assign to this report.
5. Click Assign Groups.
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_users_guide.pdf