Number of questions: 60
Number of questions to pass: 40
Time allowed: 90 mins
Status: Live
The test consists of 5 sections containing a total of approximately 60
multiple-choice questions. The percentages after each section title reflect the
approximate distribution of the total question set across the sections.
Section 1: Implementing 8% Plan and design QRadar deployment.
Implement and install QRadar.
Add Managed Hosts.
Section 2: Migrating and upgrading 12% Plan QRadar upgrade and migration.
Review documentation and release notes.
Perform QRadar updates, patches and upgrades.
Perform migration (e.g., backup and restore, import and export content).
Section 3: Configuring and administering tasks 42% Configure event flow sources and custom properties.
Maintain configuration and data backups.
Create and administer users, user roles, and security profiles.
Manage the license per allocation.
Create, review and modify rules, building blocks and reference sets.
Configure and manage retention policies (i.e., data and assets).
Create and manage saved searches, index, global views, dashboards and reports.
Deploy and manage applications and content packages.
Configure global system notifications.
Configure and apply network hierarchy.
Configure and manage domain and tenants.
Use the asset database.
Schedule and run a VA scan.
Section 4: Monitoring 25% Monitor QRadar Notifications and error messages.
Review and interpret system monitoring dashboards.
Verify QRadar processes and services.
Monitor QRadar performance.
Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview,
DrQ).
Check system maintenance and health of appliances.
Monitor offenses and detect anomalies.
Section 5: Troubleshooting 13% Demonstrate knowledge of key commands to interpret QRadar services and
processes.
Explain error messages and notifications.
Interpret the basic logs (e.g., qradar.error, qradar.log).
Use embedded troubleshooting tools and scripts.
Status: Live This intermediate level certification targets analysts that have knowledge
and technical skills in CompTIA Cybersecurity and IBM Security QRadar SIEM.
The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful
candidates have the knowledge and skills required to configure and use threat
detection tools, perform data analysis and interpret the results to identify
vulnerabilities, threats and risks to an organization, with the end goal of
securing and protecting applications and systems within an organization.
This IBM Security QRadar SIEM administrator certification verifies one can
demonstrate the technical knowledge to support IBM Security QRadar SIEM V7.3.2,
including implementation and management of an IBM Security QRadar SIEM V7.3.2
solution. Overall, these administrators are familiar with the product's
functionality and its security policies. They plan, install, configure,
implement, deploy, migrate, upgrade, monitor and troubleshoot the IBM Security
QRadar SIEM V7.3.2 software.
Recommended Prerequisite Skills Test CS0-001, CompTIA CySa+ (CyberSecurity Analyst)
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on
information security or related experience. While there is no required
prerequisite, CySA+ is intended to follow CompTIA Security+ or equivalent
experience and has a technical, hands-on focus.
Test C1000-026, IBM QRadar SIEM V7.3.2 Fundamental Administration
Basic knowledge of:
RedHat
Networking
Basic Query Language
Regular Expressions
System architecture design
Security platforms
Status: Live This entry level certification is intended for administrators who can
demonstrate basic support and technical knowledge of IBM Security QRadar SIEM
V7.3.2, including implementation and management of an IBM Security QRadar SIEM
V7.3.2
solution.
Overall, these administrators are familiar with product functionality and the
security policies. They plan, install, configure, implement, deploy, migrate,
upgrade, monitor and troubleshoot the IBM Security QRadar SIEM V7.3.2 software.
Note: The function of specific apps, apart from the two bundled with the
product, is out of scope, but the concept of extending the capability of using
apps is in scope.
Recommended Prerequisite Skills
Basic knowledge in: RedHat
Networking
Basic Query Language
Regular Expressions
System architecture design
Security platforms
Number of questions: 60
Number of questions to pass: 38
Time allowed: 90.0 mins
Status: Live
The test consists of 5 sections containing a total of approximately 60
multiple-choice questions. The percentages after each section title reflect the
approximate distribution of the total question set across the sections.
Section 1: Monitor outputs of configured use cases. 15% Perform dashboard customization.
Review outputs in all available QRadar Tabs (Dashboards, Log Activity, Network
Activity, Assets, etc.).
Navigate to, from and within an offense.
Distinguish offenses from triggered rules.
Review security access trends and anomalies.
Review security risks and network vulnerabilities detected by QRadar.
Describe the different types of rules like behavioral, event, flow, common,
offense, anomaly and threshold rules.
Section 2: Perform initial investigation of alerts and offenses created by
QRadar. 35% Describe the use of the magnitude of an offense.
Describe the QRadar network hierarchy.
Explain Offense details on offense details view, why/how it was created.
Identify contributing event and or flow information for an offence.
Show offense lifecycle (e.g., Open, Closed, Assigned, Hidden, Protected).
Illustrate the right click function (ie., event filtering, plugins, information,
navigate, other).
Break down triggered rules to identify the reason of the offense.
Distinguish potential threats from probable false positives.
Review the vulnerabilities and threat assessment of the hosts that are involved
in the offense.
Describe the roles of security devices such as firewall, IDS/IPS, Proxy,
Authentication devices, Antivirus software supported by QRadar.
Perform offense management such as assign an offense to a user, close, protect
or hide an offense, add notes, send email or mark the offense for follow-up.
Demonstrate how to export Flow/Event data for external analysis.
Summarize the characteristics of the Standard Custom Properties, User-defined
Custom Properties and Normalized properties.
Outline Offense Closing Procedures.
Section 3: Identify and escalate undesirable rule behavior to administrator.
20% Report potential false positives.
Report rule usage and offenses generated by those rules.
Report any abnormal security access trends and events to security admins.
Report threats, risks, or vulnerabilities to network/security admins, based on
severity.
Outline simple Offense naming mechanisms.
Interpret rules that test for regular expressions.
Explain relevant test and the test order of the rules.
Illustrate the difference between rule responses and rule actions (e.g.
limiter).
Recognize the "special" Building Blocks: Host Definition, Cat Definition, Port
Definition.
Describe the usage of the log sources, flow sources, vulnerability scanners, and
reference data.
Identify why rules are not being triggered as expected (e.g., dropped from CRE,
or local vs global, stateful counters).
Section 4: Extract information for regular or adhoc distribution to consumer
of outputs. 17% Perform searches using filters.
Perform Quick (Lucene) searches.
Perform Advanced (AQL) searches.
Explain the different uses for each search type (ie., filtered, Quick and
Advanced).
Intepret a timeseries graph in a dashboard.
Select suitable standard Reports for a situation.
Create and generate scheduled and manual reports.
Share findings about offenses by distributing offense detail via email.
Discuss the content of an event or flow, including the normalized fields.
Section 5: Identify and escalate issues with regards to QRadar health and
functionality. 13% Explain QRadar architecture by summarizing QRadar components (ie., Console,
Event Processor, Event Collector, Flow Processor, Data Nodes and Flow Collector,
App host).
Interpret common system notifications.
Illustrate the impact of QRadar property indexes.
Distinguish when an event has coalesced information in it.
Illustrate events that are not correctly parsed.
Explain QRadar timestamps (e.g., Log Source Time, Storage time, Start time).
Report any agents or log sources that are not reporting to QRadar on a regular
basis.
Status: Live This entry level certification is intended for security analysts who wish to
validate their comprehensive knowledge of IBM Security QRadar SIEM V7.3.2.
These security analysts will understand basic networking, basic Security and
SIEM and QRadar concepts.
They will also understand how to log in to, navigate within, and explain
capabilities of the product using the graphical user interface.
Additionally, they will also be able to identify causes of offenses, and access,
interpret, and report security information in a QRadar deployment.
Note: The function of specific apps, apart from the two bundled with the
product, is out of scope, but the concept of extending the capability of using
apps is in scope.
Recommended Prerequisite Skills
Basic knowledge of:
SIEM concepts
TCP/IP Networking
IT Security concepts
General IT skills (browser navigation etc...)
internet security attack types
additional features that need additional licenses including but not limited to
QRadar Vulnerability Manager, QRadar Risk Manager, QRadar Flows, Incident
Forensics
Requirements
This certification requires 1 exam
Exam Required:
Click on the link below to see exam details, exam objectives, suggested training
and sample tests.
C1000-018 - IBM QRadar SIEM V7.3.2 Fundamental Analysis
The test:
is available at a 50% discount from July to September 2019. To receive the
discount, register for and take Test C1000-018 with promotion code HUCSECURE
from July to September 2019.
contains questions requiring single and multiple answers. For multiple-answer
questions, you need to choose all required options to get the answer correct.
You will be advised how many options make up the correct answer.
is designed to provide diagnostic feedback on the Examination Score Report,
correlating back to the test objectives, informing the test taker how he or she
did on each section of the test. As a result, to maintain the integrity of each
test, questions and answers are not distributed.
Description The "SAP Certified Application Associate - SAP Extended Warehouse Management
9.5" certification exam validates that the candidate possesses the fundamental
and core knowledge required of the SAP EWM Implementation Consultant profile.
This certification proves that the candidate has an overall understanding and
in‐depth technical skills to participate as a member of a project team in a
mentored role. This certification exam is recommended as an entry level
qualification. NOTE: This exam is also relevant for customers and partners
implementing embedded EWM in SAP S/4HANA as the functionality is almost
identical. However, to get a foundational understanding of SAP S/4HANA embedded
analytics and SAP Fiori UX technologies, we recommend you supplement your
training by completing the S4H00 – SAP S4HANA Overview (S4H00e in e-learning)
course.
Notes
To ensure success, SAP recommends combining education courses and hands-on
experience to prepare for your certification exam as questions will test your
ability to apply the knowledge you have gained in training.
You are not allowed to use any reference materials during the certification test
(no access to online documentation or to any SAP system).
Topic Areas Please see below the list of topics that may be covered within this
certification and the courses that cover them. Its accuracy does not constitute
a legitimate claim; SAP reserves the right to update the exam content (topics,
items, weighting) at any time.
Outbound Processes (Wave Mgmnt., CD, Production Integration) > 12%
Combine Outbound Deliveries using Wave Management, Packing and Kitting in
Outbound Processes, and stage Products for Production.
Process & Layout Oriented Storage Control 8% - 12%
Create the Customizing Settings and use Process & Layout Oriented Storage
Control.
EWM110 (EWM 9.5)
EWM120 (EWM 9.5)
Warehouse Structure, Resource Management and EWM Master Data 8% - 12%
Define the Warehouse Structure and set up Resource Management; create EWM Master
Data like Storage Bins and Products, Packaging Specifications, Supply Chain
Units, and Business Partners.
EWM110 (EWM 9.5)
EWM120 (EWM 9.5)
Warehouse Process Types, Warehouse Task Creation, Strategies 8% - 12%
Define Warehouse process types and set up determination. Define Putaway and
Picking Strategies.
EWM110 (EWM 9.5)
Shipping and Receiving < 8%
Describe Yard Management, Dock Appointment Scheduling, and use Shipping Cockpit.
Customize Service Profiles and Delivery Documents.
EWM110 (EWM 9.5)
Warehouse Order and Warehouse Order Creation Rules < 8%
Define Warehouse Order Creation Rules.
EWM110 (EWM 9.5)
General Information
Exam Preparation IMPORTANT: All SAP consultant certifications are now available as Cloud
Certifications in the Certification Hub and can be booked with product code
CER006. With CER006 – SAP Certification in the Cloud, you can take up to six
exams attempts of your choice in one year – from wherever and whenever it suits
you! Test dates can be chosen and booked individually.Those of you who prefer to
get certified on-site at an SAP training center instead can still do so.
Official dates for the certification tests are listed on the right.
Each specific certification comes with its own set of preparation tactics. We
define them as "Topic Areas" and they can be found on each exam description. You
can find the number of questions, the duration of the exam, what areas you will
be tested on, and recommended course work and content you can reference.
Certification exams might contain unscored items that are being tested for
upcoming releases of the exam. These unscored items are randomly distributed
across the certification topics and are not counted towards the final score. The
total number of items of an examination as advertised in the Training Shop is
never exceeded when unscored items are used.
Please be aware that the professional- level certification also requires several
years of practical on-the-job experience and addresses real-life scenarios. QUESTION: 1
At which organizational level is the storage Bin unique in SAP extended
warehouse management SAP EWM?
Please choose the correct answer.
Response:
A. warehouse number
B. activity area
C. storage selection
D. storage type
Answer: A
QUESTION: 2 Which standard process is supported in the SAP Extended Warehouse Management
(SAP EWM) radio frequency (RF) framework?
There are 2 correct answers to this question.
Response:
A. Delivery creation
B. Goods issue posting
C. Warehouse order confirmation
D. Deconsolidation
Answer: C,D
QUESTION: 3 What must you configure to use a new SAP Extended Warehouse Management (SAP
EWM) stock type?
There are 2 correct answers to this question.
Response:
A. Non-location-specific stock type
B. Stock type determination
C. Stock type table in Logistics Inventory Management Engine (LIME)
D. Warehouse management monitor
Answer: B,C
QUESTION: 4 Which statement is true regarding Outbound Process Documents?
There are 2 correct answers to this question
Response:
A. The outbound delivery request is a document containing all the relevant
logistics data in the outbound delivery process from the origin of the outbound
delivery process.
B. The outbound delivery order is a document containing all the data required
for triggering and monitoring the complete outbound delivery process.
C. The outbound delivery is a document representing the goods to be delivered
together to a billing document.
D. The outbound delivery request is a document containing all the relevant
logistics data in the inbound delivery process from the origin of the outbound
delivery process.
Answer: A,B
QUESTION: 5 Which process is used to relocate stock to its optimal location in the
warehouse?
Please choose the correct answer.
Response:
A. Rearrangement
B. Direct putaway
C. Slotting
D. Replenishment
QUESTION: 1
A car manufacturer has several QlikView apps. The manufacturer decides to migrate some specific
apps to Qlik Sense. The manufacturer wants to reuse front-end variables from the previous QlikView
app.
Which strategy should a data architect use to meet these requirements?
A. Use the QlikView converter within the Dev Hub of Qlik Sense
B. Drag and drop a QVW file into the Qlik Sense hub and create a new app
C. Export the existing LOAD script into a QVS file for later reuse in Qlik Sense
D. Copy and paste the LOAD script of the existing QlikView app into the new app
Answer: A
QUESTION: 2
A healthcare organization needs an app to track patient encounters, patient lab orders, and patient
medications.
• Encounters, lab orders, and medication data are maintained in three separate tables linked by
PatientID
• PatientID values in all three tables are completely accurate
• Patients may have encounters without lab orders or medications
The data architect needs to make sure that the count of patient lab orders is correct. Which method
should the data architect to meet this requirement?
A. Load all three tables, create a copy of PatientID in the lab orders table as LabPatientID, and use
Count(Distinct LabPatientID)
B. Load all three tables and use Count{Distinct PatientID)
C. Load all three tables and use Count(PatientlD)
D. Load all three tables, create a copy of PatientID in the lab orders table as LabPatientID, and use
Count(LabPatientlD)
Answer: A
QUESTION: 3
Refer to the exhibit.
A data architect needs to build a sales dashboard. Data is stored in a legacy database. The extracted
data contains the date in the format, 'YYYYDDMM'
Due to the source date format, the dates are being loaded as numbers.
Which function should the data architect use to fix this issue?
A. Timestamp
B. Date
C. Date#
D. Timestamp#
Answer: C
QUESTION: 4
A data architect uses the Qlik GeoAnalytics connector to determine the closest airports to cities in an
existing app. The built-in location servicetjenerates data for the airport locations The data load editor
runs the script and sees a circular reference and a synthetic key
How should the data architect fix these issues'?
A. When selecting an operation in the Qlik GeoAnalytics connector, select Only load distinct .
B. When choosing which data to load, uncheck the non-unique field in the new data tables.
C. Concatenate the airport table and the existing tables into one master table.
D. When selecting an operation in the Qlik GeoAnalytics connector, change the CRS to 'None".
QUESTION: 1
After an Avaya Aura® Communication Manager (CM) upgrade, a customer called Avaya support
because their SIP telephones were unable to login. Support was able to confirm that the telephones
had not been upgraded.
Which pre-implementation step was omitted?
A. Provide accurate licensing specification.
B. Verify version installed is compatible with existing versions.
C. Test all third-party equipment and software.
D. Access support.avaya.com to verify customer systems compatibility.
Answer: B
QUESTION: 2
Which two statements regarding the core architecture in the Avaya Aura® 7 solution are true?
(Choose two.)
A. SIP trunks can only be configured on Avaya Aura® Session Manager (SM).
B. SIP user Agents register with Avaya Aura® Session Manager (SM).
C. SIP User Agents can register to Avaya Aura® Communication Manager (CM) or Avaya Aura®
Session Manager (SM).
D. Avaya Aura® Media Server (AAMS) cannot connect to Avaya Aura® Communication Manager (CM)
without routing via Avaya Aura® Session Manager (SM).
E. Avaya Aura® Media Server (AAMS) connects directly to Avaya Aura® Communication Manager
(CM) using SIP.
Answer: B,E
QUESTION: 3
Which statement about Interfaces and IP addresses on an Avaya Session Border Controller for
Enterprise (SBCE) used for SIP-Trunking and Remote Worker services is true?
A. SIP Trunking and Remote Worker services can use different IP addresses configured on the same
Interface.
B. SIP-Trunking and Remote Worker services can share the same IP address.
C. Only one IP-address should be configured per interface.
D. SIP-Trunking and Remote Worker services cannot run on the same SBCE.
Answer: A
QUESTION: 4
A remote worker using the Avaya Communicator on the smart mobile phone obtains a private IP
address delivered from the corporate network over WiFi when in range of the wireless hot-spot.
When the remote worker is out of range of the corporate WiFi it obtains a Public IP address via the
3G/4G mobile Service Provider.
When roaming from the public network to the corporate private network and vice versa, which
strategy prevents the user from having to change the SIP Proxy Server address in the smartphone?
A. Network Address Translation (NAT)
B. Avaya Session Border Controller for Enterprise (SBCE) public IP-address
C. Split Horizon DNS with FQDN
D. Virtual Private Network (VPN)
Answer: C
QUESTION: 5
A customer called Avaya Support after their telecom administrator was unable to add 50 new
telephones for new hires. Avaya support determined that the number of telephones exceeded the
capacity the system could support.
Which pre-implementation step was omitted?
A. Accessing support.avaya.com to verify customer systems compatibility.
B. Testing all third-party equipment and software.
C. Verifying that the version installed is compatible with existing versions.
D. Providing accurate licensing specification.
A Splunk Core Certified User is able to search, use fields, create alerts, use
look-ups, and create basic statistical reports and dashboards in either the
Splunk Enterprise or Splunk Cloud platforms. This entry-level certification
demonstrates an individual's basic ability to navigate and use Splunk software.
Exam Description:
The Splunk Core Certified User exam is the final step towards completion of the
Splunk Core Certified User certification. This entry-level certification exam is
a 57-minute, 60-question
assessment which evaluates a candidate’s knowledge and skills to search, use
fields, create alerts, use lookups, and create basic statistical reports and
dashboards. Candidates can expect an additional 3
minutes to review the exam agreement, for a total seat time of 60 minutes.
Candidates for this certification must complete the lecture, hands-on labs, and
quizzes that are part of the Splunk
Fundamentals 1 course in order to be eligible for the certification exam. Splunk
Core Certified User is a required prerequisite to the Splunk Core Certified
Power User certification track.
The following content areas are general guidelines for the content to be
included on the exam:
● Introduction to Splunk's interface
● Basic searching
● Using fields in searches
● Search fundamentals
● Transforming commands
● Creating reports and dashboards
● Creating and using lookups
● Scheduled reports
● Alerts
● Using Pivot
The following content categories and objectives provide more specific guidance
for the purpose of exam composition; however, other related topics may also
appear on any specific delivery of the exam. In order to better reflect the
contents of the exam and for clarity purposes, the guidelines below may change
at any time without notice.
1.0 Splunk Basics 5% 1.1 Splunk components
1.2 Understand the uses of Splunk
1.3 Define Splunk apps
1.4 Customizing user settings
1.5 Basic navigation in Splunk
2.0 Basic Searching 22% 2.1 Run basic searches
2.2 Set the time range of a search
2.3 Identify the contents of search results
2.4 Refine searches
2.5 Use the timeline
2.6 Work with events
2.7 Control a search job
2.8 Save search results
3.0 Using Fields in Searches 20%
3.1 Understand fields
3.2 Use fields in searches
3.3 Use the fields sidebar
4.0 Search Language Fundamentals 15% 4.1 Review basic search commands and general search practices
4.2 Examine the search pipeline
4.3 Specify indexes in searches
4.4 Use the following commands to perform searches: tables, rename, fields,
dedup, & sort
5.0 Using Basic Transforming Commands 15% 5.1 The top command
5.2 The rare command
5.3 The stats command
6.0 Creating Reports and Dashboards 12% 6.1 Save a search as a report
6.2 Edit reports
6.3 Create reports that display statistics (tables)
6.4 Create reports that display visualizations (charts)
6.5 Create a dashboard
6.6 Add a report to a dashboard
6.7 Edit a dashboard
7.0 Creating and Using Lookups 6% 7.1 Describe lookups
7.2 Examine a lookup file example
7.3 Create a lookup file and create a lookup definition
7.4 Configure an automatic lookup
7.5 Use the lookup in searches
