IBM Security QRadar SIEM V7.3.2 Fundamental Administration — Question 1

What is the purpose of defining an alert trigger?

Answer options

• A. to report an alert whenever a server issues a specific error message
• B. to change the category of existing alerts on the server
• C. to specify the number of times a specific message must be issued before an alert is triggered
• D. to define custom message numbers for server events

Correct answer: C

Explanation

The correct answer is C because it specifically addresses the requirement of counting the occurrences of a message to trigger an alert. Option A is incorrect as it focuses on reporting an alert for a specific error message rather than counting occurrences. Option B is wrong because it discusses changing alert categories, which is unrelated to triggering. Option D is also incorrect since defining custom message numbers does not relate to the process of triggering alerts.