A Deployment Professional is alerted that flows between two assets within a local network are communicating at a higher rate than normal between midnight and 2 a.m. The Deployment Professional is asked to determine why this is occurring and decides to create an alert that will send a notification when the communication happens again. Which action could be used?
A. Run an AQL query
B. Perform Quick search
C. Perform Custom search
D. Create rule to test for events/flows
Answer: D
A custom with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up. What will happen to these users?
A. Local users are able to log in with their local password.
B. Active Directory users are able to log in with their password.
C. Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.
D. Logging on is restricted to administrative users and non-administrative will needed to wait until the authentication server comes back online.
Answer: D
