C1000-156 Free Sample Questions

QRadar SIEM V7.5 Administration Practice Test
10/202 questions
Q1

A financial institution is implementing a multi-tenant QRadar deployment to serve three distinct business units: Retail Banking, Investment Banking, and Wealth Management. Compliance mandates strict data segregation between these units. The administrator has created a separate Domain for each unit. During testing, it's discovered that a shared, central authentication log source is visible to users in all three domains. What is the most appropriate action to ensure the shared log source's data is correctly segregated and assigned to the relevant domain based on event payloads?

Q2

An administrator is tasked with integrating a new third-party threat intelligence feed that provides a list of malicious C2 server IPs. The goal is to create a rule that generates an offense when any internal asset communicates with an IP from this feed. Which combination of QRadar components is the most efficient and scalable way to implement this?
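Whatever the answer key settles on, the feed first has to be turned into something a rule test can reference, and in QRadar that building block is a reference set populated over the REST API. The following is an added example written for this page, not code from IBM or from the exam: it cleans a constructed feed (comments, duplicates, non-IP junk and RFC 1918 addresses that would only create false positives against internal traffic), then builds the bulk-load request for a reference set. The console hostname, token and set name are placeholders; the `bulk_load` path and the `SEC`/`Version` headers are the editor's understanding of the QRadar API and should be checked against the API documentation on your own console.

```python
import ipaddress
import json
import urllib.request

# Constructed sample feed; not a real intelligence source.
FEED = """# C2 indicators (constructed for this example)
203.0.113.10
203.0.113.10        ; duplicate line in the feed
198.51.100.7
10.0.0.5            ; RFC 1918 address: would match internal traffic, drop it
not-an-ip-address
2001:db8::1
"""

# Address space that should never be treated as an external C2 indicator.
EXCLUDED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128",
)]


def parse_feed(text):
    """Return a de-duplicated, ordered list of usable IP indicators from a feed."""
    indicators, seen = [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            continue                       # skip malformed entries instead of poisoning the set
        if any(ip in net for net in EXCLUDED_NETWORKS):
            continue
        key = str(ip)
        if key not in seen:
            seen.add(key)
            indicators.append(key)
    return indicators


def chunked(values, size):
    """Split a list into lists of at most `size` elements (keeps request bodies small)."""
    return [values[i:i + size] for i in range(0, len(values), size)]


def bulk_load_request(console, token, set_name, values, api_version="20.0"):
    """Build (but do not send) the POST that bulk-loads `values` into reference set `set_name`.

    Assumed endpoint: POST /api/reference_data/sets/bulk_load/{name} with a JSON array body.
    """
    url = f"https://{console}/api/reference_data/sets/bulk_load/{set_name}"
    headers = {
        "SEC": token,                       # authorized-service token, not a user password
        "Version": api_version,
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    body = json.dumps(values).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def load_feed(console, token, set_name, text, batch_size=1000, send=False):
    """Parse the feed and build one request per batch; only sends when send=True."""
    requests = [bulk_load_request(console, token, set_name, batch)
                for batch in chunked(parse_feed(text), batch_size)]
    if send:
        for req in requests:
            with urllib.request.urlopen(req, timeout=30) as resp:   # hypothetical console
                resp.read()
    return requests


if __name__ == "__main__":
    for req in load_feed("qradar.example.internal", "REPLACE-WITH-TOKEN", "C2_Servers", FEED):
        print(req.get_method(), req.full_url, json.loads(req.data))
```

The reference set itself must exist before the bulk load (created once in the console or via the API with element type `IP`); a rule can then test source or destination IP membership in that set instead of a hard-coded list, so updating the feed never requires editing the rule.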

Q3

A new administrator is trying to understand user permissions. They find that a junior analyst, who is assigned a specific User Role and Security Profile, is unable to view events from a critical log source, even though their Security Profile explicitly grants access to it. Which QRadar component is most likely overriding the Security Profile and causing this restriction?

Q4

During a performance audit, an administrator identifies a custom rule that uses the following test: `and when the event payload contains this regex '.*(user|admin|root) failed login.*'`. This rule is causing a significant load on the Custom Rule Engine (CRE). What is the BEST practice to optimize this rule while maintaining its security value?
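The regex in this question is costly for two reasons that are independent of QRadar: a payload regex test runs the engine on every event that reaches the rule, and the leading `.*` forces the engine to swallow the whole payload and backtrack character by character on every non-matching event, so a long payload that never matches is the worst case. The example below is an added illustration by this page's editor, not IBM material and not the exam's answer key. It runs over constructed sample events and shows two separable optimizations: dropping the redundant `.*` on both ends (the test is already a "contains" test) gives the same match set, and putting a cheap field test such as the event category in front of the regex reduces how many payloads the regex ever sees. Event categories and payloads are made up for the example.

```python
import re
import timeit

# Constructed sample events, not real QRadar data: (low-level category, payload).
SAMPLE_EVENTS = [
    ("Authentication Failure", "sshd[2211]: user root failed login from 10.0.0.5"),
    ("Authentication Failure", "pam_unix: admin failed login on tty1"),
    ("Authentication Success", "sshd[2212]: user alice accepted publickey"),
    ("Firewall Permit", "ACCEPT src=10.0.0.9 dst=10.0.0.1 proto=tcp dport=443 " * 40),
    ("DNS Query", "query A example.com from 10.0.0.7"),
    ("Authentication Failure", "login[77]: guest failed login on console"),
]

# The regex from the question, exactly as written.
ORIGINAL = re.compile(r".*(user|admin|root) failed login.*")
# Same matches for a "contains" test: no leading/trailing .*, and a word boundary so
# "superuser failed login" is not accepted by accident.
TIGHT = re.compile(r"\b(user|admin|root) failed login")


def payloads_matching(pattern, events):
    """Run the regex against every payload (what a bare payload test does)."""
    return [payload for _, payload in events if pattern.search(payload)]


def rule_with_prefilter(events, pattern, category="Authentication Failure"):
    """Cheap field comparison first, regex only on the events that survive it.

    Returns (matching payloads, number of regex evaluations performed).
    """
    regex_calls, hits = 0, []
    for cat, payload in events:
        if cat != category:          # a plain string compare, no regex engine involved
            continue
        regex_calls += 1
        if pattern.search(payload):
            hits.append(payload)
    return hits, regex_calls


def backtracking_cost_ratio(length=4000, repeats=3):
    """Time both regexes on one long payload that never matches and return original/tight.

    The leading .* makes the original roughly quadratic in payload length on a miss.
    """
    payload = "x" * length
    t_orig = timeit.timeit(lambda: ORIGINAL.search(payload), number=repeats)
    t_tight = timeit.timeit(lambda: TIGHT.search(payload), number=repeats)
    return t_orig / t_tight


if __name__ == "__main__":
    print("original matches:", payloads_matching(ORIGINAL, SAMPLE_EVENTS))
    print("tight matches:   ", payloads_matching(TIGHT, SAMPLE_EVENTS))
    hits, calls = rule_with_prefilter(SAMPLE_EVENTS, TIGHT)
    print(f"with prefilter: {len(hits)} hits, regex run {calls} of {len(SAMPLE_EVENTS)} times")
    print(f"miss-case cost ratio original/tight: {backtracking_cost_ratio():.0f}x")
```

In a real rule stack the same ordering principle applies: put the tests that compare parsed fields (log source, event category, QID) before any payload regex, and keep the regex itself as short and anchored as the data allows.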

Q5 (multiple answers)

An administrator needs to create a daily report of all offenses that were closed with the closing reason 'False Positive'. The report should be automatically generated at 8 AM every morning and emailed to the security management team. Which steps must be taken to configure this? (Select TWO)

Q6

A QRadar administrator is investigating an issue where NetFlow data from a core router is not appearing in the 'Network Activity' tab. The administrator has verified that the router is configured to send NetFlow v9 packets to the correct IP address of the Flow Processor and that there are no firewalls blocking the traffic. The output of `tcpdump` on the Flow Processor shows UDP packets arriving from the router on the configured port. What is the most likely reason the flows are not being processed by QRadar?

Q7

An administrator has deployed a new QRadar App Host to handle a growing number of applications. After installation and adding the App Host to the deployment, several apps fail to start, and the system notifications show errors related to resource allocation. What is the first and most critical configuration step that must be performed on the App Host to ensure applications have sufficient resources?

Q8

True or False: When configuring a new user role, permissions assigned at the role level will override any conflicting, more restrictive permissions set in the user's assigned Security Profile.

Q9

A new custom log source for a proprietary application is sending events that are not being correctly parsed and are appearing as 'Unknown'. The administrator has confirmed the events are reaching the Event Collector. The goal is to create a custom Log Source Type to parse these events correctly. What is the first tool the administrator should use to begin this process?

Q10

An administrator is attempting to use the interactive REST API console to troubleshoot an application. When trying to access the API documentation page, the browser returns a '401 Unauthorized' error. The administrator is logged into the QRadar console with full administrative privileges. What is the most likely cause of this issue?