A deployment professional is redesigning the existing deployment to add an event processor due to an
increased event rate. The deployment professional observes a collective 30,000 events per second
(EPS) from two event collectors (EC1 and EC2), a rate that sometimes exceeds the EPS
capacity. EC1 and EC2 are in the same network segment.
Considering there are more licenses available than needed in the license pool, which processor
should the deployment professional replace the event collector(s) with?
Question No 2
A deployment professional needs to add a new log source using the Log File protocol. Which option is
valid for retrieving files?
Question No 3
A company has specific data retention policies to keep log data online for 5 years. The current
QRadar storage will not handle this amount of data.
Which are possible solutions? (Choose two)
Question No 4
As a small company has grown, no standard was defined. Each time the network was expanded, the
bid with the lowest cost was accepted. As a result, the infrastructure is a mix of equipment from
different manufacturers.
A deployment professional is planning on standardizing flow collection. Which flow source data
format should the deployment professional use?
Question No 5
A deployment professional has been asked to create some Reference Data to be used to provide
additional information in the results of Ariel Query Language (AQL) queries. The data will enable a
lookup that finds the user's Department based on the username which will be returned by the
required AQL function when looked up in the reference data.
Which Reference Data should the deployment professional create for this purpose?