IBM Security QRadar V7.3.1 Fundamental Administration — Question 9
An administrator manages a Guardium environment including 4 Collectors exporting data to an Aggregator. The Collectors export their data daily at 2, 3, 4 and 5 am Eastern Standard Time (EST) respectively. The Collectors receive traffic every day. The logs on all the Collectors confirm data is exported daily without errors, and all the exported files always have data. A Session report is run on the Aggregator at noon EST for data from the last day.
Which of the following will ensure there is data in the report?
Answer options
- A. Schedule Data Purge on the Aggregator to run every day after 5 am EST.
- B. Schedule Data Import on the Aggregator to run at any time of the day.
- C. Schedule Data Import on the Aggregator to run every day before 2 am EST.
- D. Schedule Data Import on the Aggregator to run every day at 6 am EST or later.
Correct answer: C
Explanation
The correct answer is C because scheduling Data Import before 2 am EST ensures that all data exported by the Collectors at 2 am and later is included in the report generated at noon. Options A and D do not guarantee that all data will be included in the report since they run after the first Collector's export. Option B does not specify a time that ensures data is available for the report.