IBM Security QRadar SIEM V7.4.3 Administration — Question 55
A QRadar deployment professional needs to transfer the configuration of a distributed environment (one Console and one EP, not using HA) onto an All-in-One (AIO) system to run some forensics against data that will be added later.
What approach should the deployment professional suggest for building the new AIO?
Answer options
- A. Use rsync to transfer the contents of the /store partition to the new system.
- B. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed by use of the GUI.
- C. Because the destination environment does not have the same number of appliances, the only option is to use the content management tool (CMT) to transfer the security configuration.
- D. The configuration of the source environment should be backed up and then restored on the new AIO. After the system is up, the EP can be removed only by use of back-end PSQL commands.
Correct answer: D
Explanation
The correct answer is D because it outlines the proper procedure: the configuration of the source environment is backed up and restored on the new AIO, and the EP is then removed with back-end PSQL commands. Option A is incorrect because using rsync to copy the /store partition does not encompass the full configuration transfer process. Option B describes the same backup and restore but has the EP removed through the GUI, which is not the correct method. Option C is incorrect because it assumes that the differing appliance counts make the content management tool (CMT) the only option, which is not the case for transferring configuration.