Which of these statements regarding the network activity tab is true?

You can search, monitor, and investigate flow data in real time. You also can run advanced searches to filter the displayed flows. View flow information to determine how and what network traffic is communicated.

You can not display interactive time series charts that represent the records that are matched by a specific time interval search

You can not save configured search criteria so that you can reuse the criteria and use the saved search criteria in other components, such as reports. Saved search criteria does not expire.

You can search, monitor, and investigate events data in real time. You also can run advanced searches to filter the displayed events. View event information to determine how and what database traffic is communicated.

Based on which factors will the magistrate prioritize the offenses and assign the magnitude values?

Risk, severity, and number of events

Credibility, priority, and number of events

What parameters can an analyst define while configuring a new reference set in Admin Tab in Reference Set Management?

Name, Type, Time to Live, Expiration

Rule Name, Response, Value, Origin

Category Name, Group, Date Last Seen, Value

How can a QRadar analyst identify the gap between the rules deployed on QRadar and rules needed to cover the security use cases?

Use the content extension filters on Use Case Manager app

Use the Offense tab to add new rules

Use the IBM X-Force Exchange portal

In QRadar, what do threshold rules test events and flows for?

Test against incoming flow data that is processed by the QRadar Flow Processor

Test events or flows for activity that is greater than or less than a specified range

Test events or flows for volume changes that occur in regular patterns to detect outliers

Test event and flow traffic for changes in short-term events when you are comparing against a longer timeframe

What must be configured for QRadar to determine flow traffic directions and benefit to from useful building blocks in rules?

X-Force Indicators of Compromise

To take advantage of lazy search, what must the analyst's profile contain?

Configured permission to access the network tab

Configured domain for the type of data being searched and non-administrator security profile

Configured tenant for the data searched and required resource restriction for the search query

Configured permission precedence to no restrictions and access to all networks and log sources

An analyst reviewed an active offense that was conducted by many users, generating many events in the same category, targeting many systems. Upon further analysis, the analyst determined that the traffic from the Source IP is a new legitimate Nessus scanner and should not contribute to the offenses. Which tuning methodology guideline can the analyst use to tune out this traffic?

Add the IP to the Exclude from Analytics Reference Set

Add a Routing Rule to drop the events seen from the Source IP

Add the hostname to the BB: VA Scanner Source Host building block

Add the IP address to the BB: VA Scanner Source IP building block

What is the correct order of the steps for configuring a dashboard item?

Select the dashboard that contains the item you want to customize

On the header of the dashboard item you want to configure, click the Settings icon

Which statement about shared dashboards in the Pulse app is true?

Users can see the default dashboard parameter values

Any updates that you make to the shared dashboard are seen by other users

Shared dashboards can be shared again to additional users

The shared dashboard has the privileges of the original user

What option must be selected to use a custom property to index an offense?

Enable for use in Rules, Forwarding Profiles, and Search Indexing.

Enable for use in Routing Rules, Event Forwarding, and Flow Indexing.

Ensure the detected event is part of an offense and the property type must be extraction based.

Ensure the detected event is part of an offense and the custom property field type must be alphanumeric.

An analyst copied a query from a Microsoft Word document that the team manager provided. Select Qidname(qid) as ‘Event Name’ From events Last 1 hours When the analyst attempted to run the query an error occurred. What is the cause of the error?

The query is using SQL language syntax and need to be adapted to the updated AQL v.420

A semi-colon must be used between each line.

Single quotation marks need to be retyped when copied.

Queries copied from outside QRadar must be in one line.

What is the procedure for duplicating a report from the Reports tab?

Click Action > Duplicate Report Select the report to duplicate and click Finish

Right-click the report to duplicate Click Duplicate and type a new name for the report

Click Actions, then select the report to duplicate from the pop-up window Click Duplicate and type a new name for the report

Highlight the report to duplicate by left-clicking on it once. From the Actions list, click Duplicate and type a new name for the report

An analyst is investigating rules that are deployed in the QRadar deployment. Where does the analyst determine which rules are most active in generating offenses?

In the Offenses tab, on the Rules menu, checking the Offense Count column

In the Offenses tab, on the All Offenses menu, checking the Flows column

In the Offenses tab, on the My Offenses menu, checking the Events column

In the Offenses tab, on the Rules menu, checking the Events/Flow Count column

What are two (2) reasons for using the QRadar Use Case Manager app?

Ensure that QRadar is optimally configured to accurately detect threats throughout the attack chain

Expose pre-defined mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

Communicate insights and analysis about your network

Present data in graph format, so you can quickly assess the vulnerabilities in your network.

Determine the risk profiles of users inside your network and to take action when the app alerts you to threat.

An analyst enabled the Source Network property index one month ago. What is the reason that the "% of Searches Using Property" column is zero?

The index is not used in the searches.

The index was not saved correctly.

Percentages might not roll-up correctly due to rounding error.

How can a QRadar analyst quickly locate results when searching for a specific result from large data sets or long time frames?

Add an indexed filter, such as a Log Source Type, Event Name, or Source IP.

Start the searches without any filters.

Add only a payload filter to the search.

Add any filter that does not have [Indexed] appended to it.

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

Professional Development

•

40 Qs

Similar activities

MEFA-Quiz 1.4 INTRODUCTION TO DEMAND and DEMAND ANALYSIS

Professional Development

•

40 Qs

CSS SCMAC

Professional Development

•

35 Qs

CH 03 - Property Taxation & Assessment

Professional Development

•

39 Qs

1. CPA Financial Accounting & Reporting Quick Revision Module 1

Professional Development

•

40 Qs

FA Study

Professional Development

•

40 Qs

Seer 365 - Q2 Quiz Event

Professional Development

•

41 Qs

death toll

7th Grade - Professional Development

•

36 Qs

FARAP12BB - Post Employment Benefits

Professional Development

•

45 Qs

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

Quiz

•

Business

•

Professional Development

•

Practice Problem

•

Hard

Number One

FREE Resource

40 questions

Show all answers

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two (2) statements about offense chaining are true?

Offense chaining causes performance issues in IBM QRadar

Offense chaining is based on the offense index field that is specified on the rule

Offense chaining is based on the generated CRE event that is specified in the rule response

A chained offense is identifiable when "preceded by" is in the Descriptions field on the Offense Summary page

If the rule is configured to use the Source IP address as the offense index field, there is only one offense that has that Source IP address, regardless of the offense status

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Offense chaining is possible based on which parameter?

Rule type

Rule response

Offense index field

Rule response limiter

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In QRadar, where is a list of offenses displaying associated source IP addresses?

Offense Summary > By Source IP

Offense Summary > New Search > Advanced Search

Log Activity > Offense Source Summary > Offenses

Log Activity > Add Filter > Source IP > offense_assigned

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A QRadar analyst can export MITRE mappings, which can later be imported into another QRadar deployment. What is another use for the exported MITRE mappings?

Mappings can be a log source configuration backup solution

The export can be a log source group configuration backup solution

MITRE coverage file can be imported into MITRE ATT&CK Navigator

The export contains event details which can be re-run by using the QRadar Experience Center app

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which parameter indicates the reliability of an offense configured in the log source, and is boosted when multiple sources report the same event?

Relevance

Credibility

Event severity

Trustworthiness log

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two (2) types of information are taken into consideration when calculating the magnitude of an offense?

The number of rules matched to the offense

The number of searches associated with the offense

The CVSS score of the log sources that are involved in the offense

The number of events and flows that are associated with the offense

The categories, severity, relevance, and credibility of the events and flows that contribute to the offense

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What are events called when they are classified in the proper log source?

Stored events

Parsed events

Payload events

Unknown events

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

42 questions

Scrum-Agile Quiz # 2

Quiz

•

Professional Development

40 questions

Brand Management - Topic 1

Quiz

•

Professional Development

41 questions

PART 5 SAP FI QUESTIONS

Quiz

•

Professional Development

40 questions

Advanced Understanding of Payroll

Quiz

•

Professional Development

40 questions

SOCIAL ENTREPRENEURSHIP BS ENTREPRENEURSHIP 4-1

Quiz

•

Professional Development

43 questions

CH 14 - Landlord and Tenant

Quiz

•

Professional Development

42 questions

home loans basics

Quiz

•

Professional Development

40 questions

MLeader Unit 1-7

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

Honoring the Significance of Veterans Day

Interactive video

•

6th - 10th Grade

9 questions

FOREST Community of Caring

Lesson

•

1st - 5th Grade

10 questions

Exploring Veterans Day: Facts and Celebrations for Kids

Interactive video

•

6th - 10th Grade

19 questions

Veterans Day

Quiz

•

5th Grade

14 questions

General Technology Use Quiz

Quiz

•

8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

Circuits, Light Energy, and Forces

Quiz

•

5th Grade

19 questions

Thanksgiving Trivia

Quiz

•

6th Grade

Discover more resources for Business

10 questions

Identifying Phishing Emails Quiz

Quiz

•

Professional Development

14 questions

2019 Logos

Quiz

•

Professional Development

10 questions

Thanksgiving Day Quiz - reading passage

Passage

•

Professional Development

20 questions

Prepositions of Place

Quiz

•

Professional Development

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

40 questions

Which two (2) statements about offense chaining are true?

Offense chaining is possible based on which parameter?

In QRadar, where is a list of offenses displaying associated source IP addresses?

A QRadar analyst can export MITRE mappings, which can later be imported into another QRadar deployment. What is another use for the exported MITRE mappings?

Which parameter indicates the reliability of an offense configured in the log source, and is boosted when multiple sources report the same event?

Which two (2) types of information are taken into consideration when calculating the magnitude of an offense?

What are events called when they are classified in the proper log source?

Which of these statements regarding the network activity tab is true?

Which two (2) options are valid to exclude offenses from offense search results?

Based on which factors will the magistrate prioritize the offenses and assign the magnitude values?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Business