Exam C2150-624 topic 1 question 26 discussion

Actual exam question from IBM's C2150-624
Question #: 26
Topic #: 1

A retention policy allows an IBM Security QRadar SIEM V7.2.8 Administrator to define how long the system is required to keep certain types of data and what to do when data reaches a certain age. If a 3-month retention policy is defined for all events, then the system will not delete event data until its on-disk timestamp is 3 months in the past.
Which two choices are available for the Delete data in this bucket parameter? (Choose two.)

  • A. When the index is full
  • B. Upon reboot of the system
  • C. When storage space is required
  • D. When performance is heavily affected
  • E. Immediately after retention period has expired
Suggested Answer: CE
From the list box, select a deletion policy. Options include:
When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted.
Immediately after the retention period has expired - Select this option if you want events to be deleted immediately on matching the Keep data placed in this bucket for parameter. The events or flows are deleted at the next scheduled disk maintenance process, regardless of free disk space or compression requirements.

Reference:
https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9
