IBM Security QRadar SIEM V7.4.3 Administration — Question 41
A QRadar deployment professional needs to add a managed host to help reduce the load on the QRadar Console.
The managed host should have local storage and also use the QRadar Custom Rule Engine.
Which managed host does the deployment professional add?
Answer options
- A. Event Collector
- B. App Host
- C. Disconnected Log Collector
- D. Event Processor
Correct answer: D
Explanation
The correct choice is D, Event Processor, as it is designed to handle event processing while using local storage and the QRadar Custom Rule Engine. The other options, such as Event Collector and App Host, do not fulfill the requirement of processing events in conjunction with the Custom Rule Engine, and the Disconnected Log Collector is primarily for log collection without processing capabilities.