IBM Security QRadar SIEM V7.4.3 Administration — Question 60

While a search runs on the Network Activity tab, the direction of a set of flows is seen as R2R. The source IP of this set of flows is an internal email server.
What does this situation suggest about the QRadar configuration?

Answer options

• A. QRadar might be having performance issues.
• B. The email server is offline or down.
• C. The email server is not included in the network hierarchy.
• D. The flow pipeline is choked because of high incoming flows.

Correct answer: C

Explanation

The correct answer, C, indicates that the email server is not part of the network hierarchy, which can lead to R2R flows. Options A and D suggest performance issues but do not specifically address the flow direction, while option B implies the server is down, which isn't necessarily indicated by the R2R flows.