C1000-163: IBM Security QRadar SIEM V7.5 Deployment

Full Name: IBM Security QRadar SIEM V7.5 Deployment

Exam Code: C1000-163

Certification Overview


This intermediate level certification is intended for professionals who wish to validate their comprehensive knowledge of the planning, installation, configuration, performance optimization, tuning, troubleshooting, and initial system administration tasks for IBM Security QRadar SIEM V7.5. This includes the apps installed with the product: Use Case Manager, QRadar Assistant, Log Source Management, and Pulse. This does not include the SaaS offering of QRadar on Cloud (QRoC). Questions for this exam were developed based upon IBM Security QRadar SIEM V7.5.0 Update Package 5.


Note: The usage of specific apps, apart from those bundled with the product, is out of scope, but the concept of extending the capability of using apps is in scope. The basic functions of these key IBM-supported apps should be understood: User Behavior Analytics, QRadar Deployment Intelligence, Reference Data Management, Threat Intelligence, QRadar Advisor with Watson, and Network Threat Analytics.

IBM Security QRadar SIEM Deployment Exam Summary:


Exam Name: IBM Certified Deployment Professional - Security QRadar SIEM V7.5
Exam Code: C1000-163
Exam Price: $200 (USD)
Duration: 90 mins
Number of Questions: 63
Passing Score: 67%

IBM C1000-163 Exam Syllabus Topics:


Topic Details Weights
Deployment Objectives and Use Cases

- In this initial task, the QRadar deployment specialist, together with the client, analyzes and documents the business drivers and use cases that the deployment should address. Based on detailed use cases, the deployment specialist can develop the appropriate deployment architecture.

◉ Review business needs
◉ Determine useful QRadar Apps and Extension Packs
◉ Define QRadar value reporting

Weight: 10%

Architecture and Sizing

- Defining and documenting the deployment architecture creates the underlying basis for successfully installing QRadar. The architecture defines a clear scope of the project based on the use cases. Here, the deployment specialist designs the solution and required components, such as the individual QRadar appliances (physical or virtual). The architecture also addresses topics such as high availability and disaster recovery, data retention, and licensing.

◉ Determine scope and size requirements for deployment
◉ Plan for placement of appliances
◉ Determine requirements for data retention
◉ Determine QRadar deployment components
◉ Identify the need for HA and DR
◉ Determine licensing requirements
◉ Windows collection architecture

Weight: 16%

Installation and Configuration

- Based on the architecture documentation and scope, the deployment specialist installs and configures the QRadar components.

◉ Install QRadar SIEM
◉ Apply and update licensing
◉ Apply QRadar system Certificates
◉ Backup, recovery, and data retention
◉ Conduct initial configuration
◉ Configure authentication and access control

Weight: 16%

Event and Flow Integration

- After all QRadar components have been successfully deployed, it is time to add and configure the organization's log and flow sources. This includes automatically discovered and manually configured log sources as well as any custom properties or content extensions to satisfy the client's use cases.

◉ Define log sources
◉ Define and configure flow sources
◉ Define custom properties
◉ Install content extensions based on requirements
◉ Identify event parsing requirements

Weight: 13%

Environment and X-Force Integration

- The deployment specialist configures the included QRadar apps to function properly within the organization's environment and sets up the IBM X-Force Threat Intelligence Feeds. The deployment specialist also leads the client to properly populate and use the asset database (to the extent that has been identified in the use cases and scope of the project).

◉ Configure Assistant App and use it to manage the apps
◉ Establish X-Force intelligence data integration levels
◉ Configure Use Case Manager
◉ Populate and use the Asset database

Weight: 6%

System Performance and Troubleshooting

- The deployment specialist performs initial system performance and troubleshooting, demonstrating the use of appropriate tools to perform these tasks. This does not entail ongoing support but is focused on the scope defined in the project objectives and architecture.

◉ Look for R2R events
◉ Monitor system performance
◉ Check QRadar audit and self-monitoring events
◉ Check and restart Apps as necessary
◉ Identify event drops, events going to storage and unknown events

Weight: 13%

Initial Offense Tuning

- As defined in the scope, project objectives and architecture, the deployment specialist performs initial tuning of offenses and guides the client on how to best approach this task going forward.

◉ Tune noisy rules and CRE events
◉ Identify expensive rules and properties
◉ Utilize Server Discovery
◉ Update building blocks
◉ Manage and use reference data

Weight: 10%

Migration and Upgrades

- If the project objectives and scope include QRadar migration and/or upgrades, the deployment specialist has to investigate several migration- or upgrade-related topics, such as data and content migration, app framework use cases, and other upgrade prerequisites.

◉ Migrate Data
◉ Review upgrade prerequisites
◉ Determine content migration strategy
◉ Review App Framework considerations (UBI)
◉ Restoring a backup
◉ Performing QRadar SIEM hardware migration

Weight: 10%

Multi-Tenancy Considerations

- The deployment specialist needs the skills to support an organization that needs to implement a QRadar multi-tenant deployment.

◉ Define domains and tenants requirements
◉ Configure items which involve Multi-tenancy

Weight: 6%
