What will allow you to do this process?

You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system.
What will allow you to do this process?
A. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the ‘Forward’ and ‘Drop’ options. Save and deploy.
B. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Normalized Event" format. Then select the ‘Forward’ and ‘Drop’ options. Save and deploy.
C. Add a forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the ‘Forward’ and ‘Drop’ options. Save and deploy.
D. Add a forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the ‘Forward’ and ‘Drop’ options. Save and deploy.
