IBM Exam C1000-156 Topic 8 Question 23 Discussion

Actual exam question for IBM's C1000-156 exam

Question #: 23
Topic #: 8

What is the most restrictive permissions a user needs in order to see all of the events from a particular log source in the Log Activity tab?

AThe user needs access to the Networks AND Log Sources to see a particular log in the activity tab.

BThe user's security profile must include that log source, and the profile needs permission to Networks AND Log Sources.

CA user needs access to Flow Sources Only.

DThe log source must be included in the user's security profile and the profile needs its precedence set to Log Sources Only.

Show Suggested Answer

Suggested Answer: D

If the option 'Include in my Dashboard' cannot be selected when creating a saved search in IBM QRadar SIEM V7.5, a possible reason is insufficient permissions. Here's why:

Permissions: The user needs appropriate permissions to add saved searches to the dashboard.

Role-Based Access Control: QRadar uses role-based access control to manage user permissions. The user's role must include the necessary privileges to modify dashboards.

Verification: Ensure that the user has the correct permissions assigned. This can be checked and adjusted in the user management settings.

Reference IBM QRadar SIEM administration guides explain the permissions required for various actions, including adding saved searches to dashboards, and how to configure user roles and permissions.

by Nichelle at Jan 25, 2025, 08:16 PM

Limited Time Offer

25%

24 days ago

I think the answer is B) The user's security profile must include that log source, and the profile needs permission to Networks AND Log Sources.

upvoted 0 times

...