Which IBM Cloud Pak for Security service does STIX-shifter utilize to perform federated searches?

A.- Analytics Tool Kit
B.- Universal Data Insights
C.- X-Force Threat Intelligence Standard
D.- Case Management and Orchestration

Based upon the image, which statement is true for the Sla Demo2 user?

A.- The user can set up new users.
B.- The user can create a new data source.
C.- The user can administrate the Threat Intelligence Insight application.
D.- The user can modify the licensing for the Threat Intelligence Insight application.

What is the name for the set of rules, conditions, business logic, and tasks used to respond to a case
created in IBM Cloud Pak for Security?
A.- Incident Type
B.- Case workspace
C.- Workflow
D.- Dynamic playbook

What are three parameters required to configure an IBM QRadar connector?

A.- Authorization Token
B.- API URL
C.- Port
D.- User name and Password
E.- Connection Certificate
F.- Management Hostname or IP

The Fully Qualified Domain Name (FQDN) created for the IBM Cloud Pak for Security application must
point to which IP address?
A.- the IBM Cloud Platform Common Services public IP address
B.- the Red Hat OpenShift cluster private IP address
C.- the Red Hat OpenShift cluster public IP address
D.- the IBM Cloud Platform Common Services private IP address

A new analyst has joined the team and is responsible for running scans within IBM Cloud Pak for Security.
On their first day on the job, they create search criteria but do not have any data sources to scan. Where
can the user look within IBM Cloud Pak for Security to see their data source permissions?
A.- within the Account settings
B.- within the Orchestration & Automation Permissions
C.- within the user permissions
D.- within the data source configuration

What capability automatically updates incident response plans as new information about an incident is
uncovered?
A.- Cases
B.- Script Builder
C.- Dynamic Playbook
D.- Threat Intelligence Insights

What is the predefined role in the Orchestration and Automation > Permissions and Access settings tab
that would allow a user full access to the Cases and Playbooks?
A.- Cases Administrator
B.- Administrator
C.- Incident Creator
D.- Master Administrator

What is a record that holds information on how to connect to the source and to access its data?
A.- a valid connection key
B.- a data source unique identifier
C.- a data source connection
D.- a data coupler

When Orchestration and Automation is enabled, a group is automatically created. What is the group
called?
A.- SOAR
B.- Global
C.- Main
D.- Default

What does IBM Security Threat Intelligence Insights use to offer detailed, actionable threat intelligence
that helps a user identify and prioritize the threats most relevant to an organization?
A.- Network Hierarchy
B.- Standard Configuration
C.- User Profiles
D.- Organizational Profile

What communication method does IBM Cloud Pak for Security use to populate data in the IBM QRadar
SIEM dashboard?
A.- SOAP web services
B.- REST API
C.- Database connection
D.- JavaScript

Which three query parameters are required when configuring a data source in IBM Cloud Pak for Security?
A.- Result Size Limit
B.- Refresh Time
C.- Concurrent Search Limit
D.- Query Description
E.- Query Timeout Limit
F.- Query Name

What main menu option displays scans in progress?

Queries in progress

Which application provides suggestions for the observable type, property, operator, and value
parameters?
A.- Threat Intelligence Insights
B.- Question Maker
C.- Query Builder
D.- Inquiry Designer

What are three prerequisites to configure a Microsoft Azure data source connector for IBM Cloud Pak for
Security?
A.- Management IP and Port
B.- API URL
C.- Client Secret
D.- API Access Key
E.- Tenant ID
F.- Client ID

What are two functionalities included in the Threat Intelligence Standard plan in IBM Cloud Pak for
Security?
A.- advanced threat intelligence content
B.- threat intelligence content
C.- limited automatic scans
D.- manual scanning
E.- unlimited automatic scans

When does a connection certificate need to be added for an Elasticsearch data source connection?
A.- When Elasticsearch is configured with a self-signed SSL certificate
B.- When the Elasticsearch hostname or IP address does not match the common name
C.- When the common name of Elasticsearch is not localhost.localdomain.
D.- When Elasticsearch data source connection input requires a Host URL

What statement best describes a data connector in IBM Cloud Pak for Security?
A.- A data connector connects data sources such as databases or XML files to IBM Cloud Pak for Security.
B.- A data connector connects data sources to a query and stores threat data in IBM Cloud Pak for
Security.
C.- A data connector connects with threat intelligence feeds and alerts on security threats found in its
data repository.
D.- A data connector connects IBM X-Force and IBM Cloud Pak for Security.

While running a Threat Intelligence Insights query, what type of chart would be used to see a trend of
how an organization is doing over time?
A.- scatter chart
B.- big number chart
C.- bar chart
D.- pie chart

What are two of the Platform Service roles in IBM Cloud Pak for Security?
A.- Account Management
B.- Case Management
C.- IBM QRadar Proxy
D.- User Management
E.- Data Explorer

A platform administrator has installed IBM Cloud Pak for Security and they do not have a license for the
Threat Intelligence Insight application (TII app). What actions should the administrator take to be
compliant with IBM license terms?
A.- Deactivate the Standard subscription in the TII app.
B.- In License and Usage Management, disable the TII app.
C.- Uninstall the TII app.
D.- Cancel the X-Force Exchange account.

Which backup retains Data Explorer query results?

A.- query results are not retained in backup
B.- Cases
C.- Data Explorer
D.- user entitlements

What are two requirements to add a user to IBM Cloud Pak for Security?
A.- The user must be added to the Red Hat OpenShift cluster.
B.- The user must be added to an IBM Cloud Pak for Security group.
C.- The user account must be added to LDAP.
D.- The user must have an email address.
E.- The user must be added to an IBM Common Platform Service repository.

Which IBM Cloud Pak for Security component offers detailed, actionable intelligence to help identify and
prioritize the risks most relevant to an organization?
A.- Threat Intelligence Insights
B.- Cases with Orchestration and Automation
C.- Analytics Tool Kit
D.- Connected Assets and Risks

Where would a user select to edit permissions for IBM Cloud Pak for Security platform services or
applications?

Access & permissions

What data source can be used to share cyber threat intelligence in IBM Cloud Pak for Security?
A.- STIX Bundle
B.- STIX Batch
C.- Taxii Bunch
D.- Taxii Bale

A Managed Service Provider needs to create two separate entities for customer A and customer B. How
can this requirement be accomplished?
A.- Create two domains and configure appropriate resources.
B.- Create user A and user B and assign them to the customers.
C.- Create two accounts A and B and configure appropriate resources.
D.- Create two sets of data sources and assign them to user A and user B. Distribute each user to
customer A or B.

What type of SOAR extension performs an activity and returns the results to the workflow?
A.- Action
B.- Function
C.- Rule
D.- Workflow

By default, how many simultaneous connections can be made between IBM Cloud Pak for Security and a
data source?
A.- 10
B.- 50
C.- 2
D.- 4

Which tool enables a security analyst to search and investigate their security environment for Indicators
of Compromise (IoCs) and threats with a single query?
A.- Cloud Security Advisor
B.- Threat Intelligence Insights
C.- Data Explorer
D.- Case Management

What are three different authentication options available for an Elasticsearch connection?
A.- Basic Authentication (Username and Password)
B.- API Key Authentication (API Key and ID)
C.- Security Credentials (Tenant, Client ID and Secret)
D.- Role Based Authentication (Access Key ID, Secret Access Key and IAM Role)
E.- Token Based Authentication (Access Token)
F.- SNI Authentication (Management IP, Port and Server Name Indicator (SNI))

Which IBM Cloud Pak for Security widgets are read-only and cannot be customized?
A.- Orchestration & Automation
B.- Case Management
C.- Data Explorer
D.- Threat Intelligence Insights

What best describes the IBM Cloud Pak for Security X-Force Threat Score?
A.- An analytical score based upon all security gaps found in the user's environment based on IBM X-Force
IRIS.
B.- An analytical score based upon all security gaps found in the user's environment based on the NIST
800-145 framework.
C.- An analytical, adaptive score that reflects the likelihood of a threat being relevant to an organization
based on various captured threat vectors.
D.- An analytical, adaptive score that reflects the likelihood of a threat being defined in SOAR playbooks.

Which pod is used for performing backups?

A.- ArangoDB-box
B.- Sequences
C.- Backup pod
D.- cp4s-toolbox

Which service can be found at the IBM Cloud Pak for Security Core Services layer?
A.- Unified Case Management
B.- Connected Assets and Risks
C.- IBM Cloud Pak for Security Logging
D.- LDAP

A user is not able to open Data Explorer to search data. Which two types of access are needed to troubleshoot
this issue?
A.- access to Manage user
B.- access to Query Builder
C.- access to command line to pull logs
D.- access to Licensing & usage management
E.- access to the Data sources

A user needs to create an Am I Affected report based on their private collection of Indicators of
Compromise (IoCs). The user has enabled the Threat Intelligence Insight application. What other action
should the user take?
A.- Activate the Advanced plan.
B.- Activate the Standard plan.
C.- Deploy the X-Force Exchange API key.
D.- No additional action is required.

How can an administrator confirm that a new data source is connected to IBM Cloud Pak for Security?
A.- Locate the Connected parameter in the data source configuration file.
B.- Verify a valid connection key.
C.- Run a query with IBM Security Data Explorer.
D.- Run a configuration report.

In Orchestration and Automation, how many global roles can be assigned to a group?
A.- 5
B.- 1
C.- unlimited
D.- 4

1. What capabilities does Cloud Pak for Security bring together?

a. EDR
b. Datalake and UBA
c. SIEM and Identity
d. All of the above

2. Which OpenShift configuration would be used when logging is required?

a. 3 Masters (8 Cores, 32 GB Mem) and 4 Workers (8 Cores, 32 GB Mem)
b. 4 Workers (8 Cores, 32 GB Mem) only
c. 3 Masters (8 Cores, 16 GB Mem) only
d. 3 Masters (8 Cores, 16 GB Mem) and 4 Workers (8 Cores, 32 GB Mem)

3. Which CP4S component consolidates asset and risk data to identify security gaps?
a. Connect Asset & Risk (CAR) Database
b. Connect Asset & Risk (CAR) Dataset
c. Consolidated Asset & Risk (CAR) Database
d. Asset Risk & Threat (ART) Database

4. Which 3 fields are needed to collect the mustgather? (select 3)

a. cpctl tool
b. Namespace
c. Modules
d. Token

5. Which of the following are data query parameters?
a. Connection name, connection description, hostname, port
b. Concurrent search limit, SEC Token, result size limit, Secret Key
c. Tenant ID, connection description, Secret, port
d. Concurrent search limit, query search timeout, result size limit, query time range

6. What are the required general fields for a QRadar data connection?
a. Concurrent search limit, query search timeout, result size limit, query time range
b. Connection name, connection description, hostname, port
c. Tenant ID, connection description, Secret, port
d. Concurrent search limit, SEC Token, result size limit, Secret Key

7. What application role can assign access to Threat Intelligence Insights (TII)?
a. TII Administrator and Data Explorer Administrator
b. TII User
c. Data Explorer User
d. Platform Role Administrator

8. Asset Data must be configured separately for each connector?

a. True
b. False

9. What type of certificate is required for a CP4S installation not on IBM Cloud?
a. Hypertext Transfer Protocol Secure (HTTPS) Certificate
b. Public Key infrastructure (PKI) Certificate
c. Transport Layer Security (TLS) Certificate
d. Secure Sockets Layer (SSL) Certificate

10. Complete the following statement: 'IBM Cloud Pak for Security provides a platform ___.'
a. to manage all platforms from anywhere.
b. to undertake costly migration projects, complex integrations, and continuously
switch between different screens and products.
c. to help more quickly integrate your existing security tools to generate deeper
insights into threats across hybrid, multicloud environments, using an infrastructure-independent
common operating environment that runs anywhere.
d. to move client operations to the cloud piece by piece, with applications and data
spread across multiple clouds and on-premise resources.

11. What is included with Threat Intelligence Insight's standard package?

a. Access X-Force threat intelligence content with manual and automated threat
scanning
b. Access X-Force threat intelligence premium content and automated threat scanning
c. Access X-Force threat intelligence premium content, the ability to manually scan
for threats, and automated threat scanning
d. Access X-Force threat intelligence content and the ability to manually scan for
threats

12. Which dashboards have widgets that are read-only?
a. Threat Intelligence Insight, QRadar, Case Management
b. Connect Asset Risk, Risk Manager
c. QRadar Proxy, Case Management

13. When a user is granted access to a data source, which roles can be assigned?
a. Admin, user, no access
b. Operator, admin, user
c. Owner, viewer, no Access

14. Which statement about Fred's entitlement to multiple apps in Cloud Pak for Security is
true?
a. Fred cannot be assigned as Admin in more than one app.
b. Fred can be assigned Admin in App A and User in App B.
c. Fred must be assigned as a user in App A if he is already a user in App B.

15. What must you obtain from QRadar to access QRadar data in Cloud Pak for Security
dashboard widgets?
a. QRadar username and password
b. Server name indicator
c. QRadar authorized service token

16. What is the time range for overnight automated Am I Affected scans when the Threat
Intelligence Insights Advanced plan is active?
a. 12 hours
b. 72 hours
c. 24 hours

17. What is excluded from a backup of Data Explorer?

a. query results
b. queries
c. connections
d. configuration

18. Which two third-party threat intelligence feeds can be enabled in Cloud Pak for Security?
a. Virustotal
b. Trustwave Spider Labs
c. Mandiant Threat Intelligence
d. Swimlane TI
e. Crowdstrike

19. How can you determine if the Orchestration and Automation license is not applied?
a. Go to Application settings > Orchestration & Automation > SOAR Playbooks,
clicking Customization Settings > Scripts, and see a message The Action
Module is not enabled.
b. Case management is not available.
c. SOAR is not installed.

20. How is the Orchestration and Automation license installed?
a. Enter license when installing the SOAR app.
b. Create a secret named isc-cases-customer-license with the license key in
OpenShift.
c. The license is installed automatically

21. How is the Threat Intelligence Insights app disabled when it is no longer needed?
a. Delete the app pods
b. Disable the app in Settings > Application Settings
c. Uninstall Threat Intelligence Insights