IBM Security QRadar V7.3.1 Fundamental Administration — Question 11
A Guardium administrator must configure real-time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
Answer options
- A. Log Only
- B. Alert Only
- C. Alert Daily
- D. Alert Per Match
Correct answer: C
Explanation
The correct answer, Alert Daily, allows for notifications to be sent without retaining excessive data in the Guardium internal database. Log Only would store the data but does not send alerts, Alert Only would send alerts without data storage, and Alert Per Match would generate too many alerts, increasing data storage unnecessarily.