IBM Integration Bus v10.0 Solution Developer — Question 19

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and
Domain B. While reviewing the following sample logs, the administrator notices a `context` keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the `contextA` logs to DomainA and the `contextB` logs to domain B? (Choose two.)

Answer options

• A. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to both domains using a custom rule.
• B. Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.
• C. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using custom event property value.
• D. Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.
• E. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using a custom rule.

Correct answer: B, D

Explanation

Options B and D are correct because they each involve creating separate log sources that accurately reflect the different contexts, allowing for proper assignment to Domain A and Domain B. Options A, C, and E do not effectively separate the logs by context, which is necessary for correct domain assignment.