Based upon the image, which statement is true for the Sla Demo2 user?
What is the name for the set of rules, conditions, business logic, and tasks used to respond to a case
created in IBM Cloud Pak for Security?
A.- Incident Type
B.- Case workspace
C.- Workflow
D.- Dynamic playbook
The Fully Qualified Domain Name (FQDN) created for the IBM Cloud Pak for Security application must
point to which IP address?
A.- the IBM Cloud Platform Common Services public IP address
B.- the Red Hat OpenShift cluster private IP address
C.- the Red Hat OpenShift cluster public IP address
D.- the IBM Cloud Platform Common Services private IP address
A new analyst has joined the team and is responsible for running scans within IBM Cloud Pak for Security.
On their first day on the job, they create search criteria but do not have any data sources to scan. Where
can the user look within IBM Cloud Pak for Security to see their data source permissions?
A.- within the Account settings
B.- within the Orchestration & Automation Permissions
C.- within the users permission
D.- within the data source configuration
What capability automatically updates incident response plans as new information about an incident is
uncovered?
A.- Cases
B.- Script Builder
C.- Dynamic Playbook
D.- Threat Intelligence Insights
What is the predefined role in the Orchestration and Automation > Permissions and Access settings tab
that would allow a user full access to the Cases and Playbooks?
A.- Cases Administrator
B.- Administrator
C.- Incident Creator
D.- Master Administrator
What is a record that holds information on how to connect to the source and to access its data?
A.- a valid connection key
B.- a data source unique identifier
C.- a data source connection
D.- a data coupler
When Orchestration and Automation is enabled, a group is automatically created. What is the group
called?
A.- SOAR
B.- Global
C.- Main
D.- Default
What does IBM Security Threat Intelligence Insights use to offer detailed, actionable threat intelligence
that helps a user identify and prioritize the threats most relevant to an organization?
A.- Network Hierarchy
B.- Standard Configuration
C.- User Profiles
D.- Organizational Profile
What communication method does IBM Cloud Pak for Security use to populate data in the IBM QRadar
SIEM dashboard?
A.- SOAP web services
B.- REST API
C.- Database connection
D.- JavaScript
Which three query parameters are required when configuring a data source in IBM Cloud Pak for Security?
A.- Result Size Limit
B.- Refresh Time
C.- Concurrent Search Limit
D.- Query Description
E.- Query Timeout Limit
F.- Query Name
Queries in progress
Which application provides suggestions for the observable type, property, operator, and value
parameters?
A.- Threat Intelligence Insights
B.- Question Maker
C.- Query Builder
D.- Inquiry Designer
What are three prerequisites to configure a Microsoft Azure data source connector for IBM Cloud Pak for
Security?
A.- Management IP and Port
B.- API URL
C.- Client Secret
D.- API Access Key
E.- Tenant ID
F.- Client ID
What are two functionalities included in the Threat Intelligence Standard plan in IBM Cloud Pak for
Security?
A.- advanced threat intelligence content
B.- threat intelligence content
C.- limited automatic scans
D.- manual scanning
E.- unlimited automatic scans
When does a connection certificate need to be added for an Elasticsearch data source connection?
A.- When Elasticsearch is configured with a self-signed SSL certificate
B.- When Elasticsearch hostname or IP address does not match the common name
C.- When the common name of Elasticsearch is not localhost.localdomain.
D.- When Elasticsearch data source connection input requires a Host URL
19. What statement best describes a data connector in IBM Cloud Pak for Security?
A.- A data connector connects data sources such as databases or XML files to IBM Cloud Pak for Security.
B.- A data connector connects data sources to a query and stores threat data in IBM Cloud Pak for
Security.
C.- A data connector connects with threat intelligence feeds and alerts on security threats found in its
data repository.
D.- A data connector connects IBM X-Force and IBM Cloud Pak for Security.
While running a Threat Intelligence Insights query, what type of chart would be used to see a trend of
how an organization is doing over time?
A.- scatter chart
B.- big number chart
C.- bar chart
D.- pie chart
What are two of the Platform Service roles in IBM Cloud Pak for Security?
A.- Account Management
B.- Case Management
C.- IBM QRadar Proxy
D.- User Management
E.- Data Explorer
A platform administrator has installed IBM Cloud Pak for Security and they do not have a license for the
Threat Intelligence Insights application (TII app). What actions should the administrator take to be
compliant with IBM license terms?
A.- Deactivate Standard subscription in the TII app.
B.- In License and Usage Management, disable the TII app.
C.- Uninstall the TII app.
D.- Cancel the X-Force Exchange account.
What are two requirements to add a user to IBM Cloud Pak for Security?
A.- The user must be added to the Red Hat OpenShift cluster.
B.- The user must be added to an IBM Cloud Pak for Security group.
C.- The user account must be added to LDAP.
D.- The user must have an email address.
E.- The user must be added to an IBM Common Platform Service repository.
Which IBM Cloud Pak for Security component offers detailed, actionable intelligence to help identify and
prioritize the risks most relevant to an organization?
A.- Threat Intelligence Insights
B.- Cases with Orchestration and Automation
C.- Analytics Tool Kit
D.- Connected Assets and Risks.
Where would a user select to edit permissions for IBM Cloud Pak for Security platform services or
applications?
What data source can be used to share cyber threat intelligence in IBM Cloud Pak for Security?
A.- STIX Bundle
B.- STIX Batch
C.- Taxii Bunch
D.- Taxii Bale
A Managed Service Provider needs to create two separate entities for customer A and customer B. How
can this requirement be accomplished?
A.- Create two domains and configure appropriate resources.
B.- Create user A and user B and assign them to the customers.
C.- Create two accounts A and B and configure appropriate resources.
D.- Create two sets of data source and assign them to user A and user B. Distribute each user to
customer A or B.
What type of SOAR extension performs an activity and returns the results to the workflow?
A.- Action
B.- Function
C.- Rule
D.- Workflow
By default, how many simultaneous connections can be made between IBM Cloud Pak for Security and a
data source?
A.- 10
B.- 50
C.- 2
D.- 4
Which tool enables a security analyst to search and investigate their security environment for Indicators
of Compromise (IoCs) and threats with a single query?
A.- Cloud Security Advisor
B.- Threat Intelligence Insights
C.- Data Explorer
D.- Case Management
What are three different authentication options available for Elasticsearch connection?
A.- Basic Authentication (Username and Password)
B.- API Key Authentication (API Key and ID)
C.- Security Credentials (Tenant, Client ID and Secret)
D.- Role Based Authentication (Access Key ID, Secret Access Key and IAM Role)
E.- Token Based Authentication (Access Token)
F.- SNI Authentication (Management IP, Port and Server Name Indicator (SNI))
Which IBM Cloud Pak for Security widgets are read-only and cannot be customized?
A.- Orchestration & Automation
B.- Case Management
C.- Data Explorer
D.- Threat Intelligence Insights
What best describes the IBM Cloud Pak for Security X-Force Threat Score?
A.- An analytical score based upon all security gaps found in the user's environment based on IBM X-Force
IRIS.
B.- An analytical score based upon all security gaps found in the user's environment based on the NIST
800145 framework.
C.- An analytical, adaptive score that reflects the likelihood of a threat being relevant to an organization
based on various captured threat vectors.
D.- An analytical, adaptive score that reflects the likelihood of a threat being defined in SOAR playbooks.
Which service can be found at the IBM Cloud Pak for Security Core Services layer?
A.- Unified Case Management
B.- Connected Assets and Risks
C.- IBM Cloud Pak for Security Logging
D.- LDAP
A user is not able to open Data Explorer to search data. Which two accesses are needed to troubleshoot
this issue?
A.- access to Manage user
B.- access to Query Builder
C.- access to command line to pull logs
D.- access to Licensing & usage management
E.- access to the Data sources
A user needs to create an Am I Affected report based on their private collection of Indicators of
Compromise (IoCs). The user has enabled the Threat Intelligence Insights application. What other action
should the user take?
A.- Activate the Advanced plan.
B.- Activate the Standard plan.
C.- Deploy the X-Force Exchange API key.
D.- No additional action is required.
How can an administrator confirm that a new data source is connected to IBM Cloud Pak for Security?
A.- Locate the Connected parameter in the data source configuration file.
B.- Verify a valid connection key.
C.- Run a query with IBM Security Data Explorer.
D.- Run a configuration report.
In Orchestration and Automation, how many global roles can be assigned to a group?
A.- 5
B.- 1
C.- unlimited
D.- 4
3. Which CP4S component consolidates asset and risk data to identify security gaps?
a. Connect Asset & Risk (CAR) Database
b. Connect Asset & Risk (CAR) Dataset
c. Consolidated Asset & Risk (CAR) Database
d. Asset Risk & Threat (ART) Database
6. What are the required general fields for a QRadar data connection?
a. Concurrent search limit, query search timeout, result size limit, query time range
b. Connection name, connection description, hostname, port
c. Tenant ID, connection description, Secret, port
d. Concurrent search limit, SEC Token, result size limit, Secret Key
7. What application role can assign access to Threat Intelligence Insights (TII)?
a. TII Administrator and Data Explorer Administrator
b. TII User
c. Data Explorer User
d. Platform Role Administrator
9. What type of certificate is required for a CP4S installation not on IBM Cloud?
a. Hypertext Transfer Protocol Secure (HTTPS) Certificate
b. Public Key Infrastructure (PKI) Certificate
c. Transport Layer Security (TLS) Certificate
d. Secure Sockets Layer (SSL) Certificate
10. Complete the following statement: 'IBM Cloud Pak for Security provides a platform ___'
a. to manage all platforms from anywhere.
b. to undertake costly migration projects, complex integrations, and continuously
switch between different screens and products.
c. to help more quickly integrate your existing security tools to generate deeper
insights into threats across hybrid, multicloud environments, using an infrastructure-independent
common operating environment that runs anywhere.
d. to move client operations to the cloud piece by piece, with applications and data
spread across multiple clouds and on-premise resources.
13. When a user is granted access to a data source, which roles can be assigned?
a. Admin, user, no access
b. Operator, admin, user
c. Owner, viewer, no Access
14. Which statement about Fred's entitlement to multiple apps in Cloud Pak for Security is
true?
a. Fred cannot be assigned as Admin in more than one app.
b. Fred can be assigned Admin in App A and User in App B.
c. Fred must be assigned a user in App A if he is already a user in App B.
15. What must you obtain from QRadar to access QRadar data in Cloud Pak for Security
dashboard widgets?
a. QRadar username and password
b. Server name indicator
c. QRadar authorized service token
16. What is the time range for overnight automated Am I Affected scans when the Threat
Intelligence Insights Advanced plan is active?
a. 12 hours
b. 72 hours
c. 24 hours
18. Which two third-party threat intelligence feeds can be enabled in Cloud Pak for Security?
a. VirusTotal
b. Trustwave SpiderLabs
c. Mandiant Threat Intelligence
d. Swimlane TI
e. CrowdStrike
19. How can you determine if the Orchestration and Automation license is not applied?
a. Go to Application settings > Orchestration & Automation > SOAR Playbooks,
click Customization Settings > Scripts, and see the message "The Action
Module is not enabled."
b. Case management is not available.
c. SOAR is not installed.
20. How is the Orchestration and Automation license installed?
a. Enter license when installing the SOAR app.
b. Create a secret named isc-cases-customer-license with the license key in
OpenShift.
c. The license is installed automatically
21. How is the Threat Intelligence Insights app disabled when it is no longer needed?
a. Delete the app pods
b. Disable the app in Settings > Application Settings
c. Uninstall Threat Intelligence Insights