Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

IBM C1000-162 IBM Security QRadar SIEM V7.5 Analysis Exam Practice Test

Demo: 41 questions
Total 139 questions

IBM Security QRadar SIEM V7.5 Analysis Questions and Answers

Question 1

Which parameters are used to calculate the magnitude rating of an offense?

Options:

A.

Relevance, urgency, credibility

B.

Relevance, credibility, time

C.

Severity, relevance, credibility

D.

Severity, impact, urgency

Question 2

Which two (2) aggregation types ate available for the pie chart in the Pulse app?

Options:

A.

Last

B.

Total

C.

Average

D.

First

E.

Middle

Question 3

Many offenses are generated and an analyst confirms that they match some kind of vulnerability scanning.

Which building block group needs to be updated to include the source IP of the vulnerability assessment (VA) scanner to reduce the number of offenses that are being generated?

Options:

A.

Host reference

B.

Host definitions

C.

Behavior definition

D.

Device definition

Question 4

Which are two (2) types of charts that can be configured in QRadar to display data on the dashboard?

azureindia.starttest.com says

Options:

A.

Radar.0K. Jo confirm your answer(S) and proceed to the next question.

B.

LineClick ’Cancel’ to remain on this question.

C.

Bar

D.

Table

E.

Combo

Question 5

On the Offenses tab, which column explains the cause of the offense?

Options:

A.

Description

B.

Offense Type

C.

Magnitude

D.

IPs

Question 6

Which types of information does QRadar analyze to create an offense from the rule?

Options:

A.

Known vulnerabilities, known threats, and incoming and outgoing events

B.

Incoming and outgoing events, unknown vulnerabilities, and malware

C.

Malware, asset, firewall, and incoming events

D.

Incoming events and flows, asset information, and known vulnerabilities

Question 7

In QRadar. what do event rules test against?

Options:

A.

The parameters of an offense to trigger more responses

B.

Incoming log source data that is processed in real time by the QRadar Event Processor

C.

Incoming flow data that is processed by the QRadar Flow Processor

D.

Event and flow data

Question 8

Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?

Options:

A.

Information

B.

DNS Lookup

C.

Navigate

D.

WHOIS Lookup

E.

Asset Summary page

Question 9

An analyst wants to share a dashboard in the Pulse app with colleagues.

The analyst exports the dashboard by using which format?

Options:

A.

CSV

B.

JSON

C.

XML

D.

PHP

Question 10

Which two (2) are valid options available for configuring the frequency of report execution in the QRadar Report wizard?

Options:

A.

Quarterly

B.

Automatically

C.

Monthly

D.

Yearly

E.

Manually

Question 11

Which two (2) columns are valid for searches in the My Offenses and All Offenses tabs in QRadar?

Options:

A.

Impact

B.

Source IPs

C.

Relevance

D.

Weight

E.

Id

Question 12

In QRadar. what are building blocks?

Options:

A.

A rule under the rule group "System”

B.

A collection of tests that don't result in a response or an action

C.

A network hierarchy node

D.

An entry in the reference set named "System Entries"

Question 13

How can an analyst search for all events that include the keyword "access"?

Options:

A.

Go to the Network Activity tab and run a quick search with the "access" keyword.

B.

Go to the Log Activity tab and run a quick search with the "access" keyword.

C.

Go to the Offenses tab and run a quick search with the "access" keyword.

D.

Go to the Log Activity tab and run this AOL: select * from events where eventname like 'access'.

Question 14

On the Dashboard tab in QRadar. dashboards update real-time data at what interval?

Options:

A.

1 minute

B.

3 minutes

C.

10 minutes

D.

7 minutes

Question 15

When an analyst is investigating an offense, what is the property that specifies the device that attempts to breach the security of a component on the network?

Options:

A.

Source IP

B.

Network

C.

Destination IP

D.

Port

Question 16

Which of the configured parameters is found in the Event Details page?

Options:

A.

Event Processor UUID

B.

High Level Category

C.

Log Source Time

D.

Log Source Group

Question 17

QRadar analysts can download different types of content extensions from the IBM X-Force Exchange portal. Which two (2) types of content extensions are supported by QRadar?

Options:

A.

Custom Functions

B.

Events

C.

Flows

D.

FGroup

E.

Offenses

Question 18

What is the benefit of using default indexed properties for searching in QRadar?

Options:

A.

It increases the amount of data required to be searched.

B.

It improves the speed of searches.

C.

It returns fewer results than non-indexed properties.

D.

It reduces the number of indexed search values.

Question 19

On the Log Activity tab in QRadar. what are the options available when right-clicking an IP address of an event to access more event filter information?

Options:

A.

Filter on. False Positive. More Options. Quick Filter

B.

Filter out, False Negative, More Options, Quick Filter

C.

Filter off, True Positive, Less Options, Quick Search

D.

Filter in, True Negative, Less Options. Quick Search

Question 20

A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.

What parameter and value should the analyst add as filter in the event search?

Options:

A.

Associated with Offense is True

B.

Associated with Rule is True

C.

Associated with Rule is False

D.

Associated with Offense is False

Question 21

From which tabs can a QRadar custom rule be created?

Options:

A.

Log Activity or Network Action tabs

B.

Offenses or Admin tabs

C.

Offenses, Log Activity, or Network Activity tabs

D.

Offenses. Assets, or Log Action tabs

Question 22

How long does QRadar store payload indexes by default?

Options:

A.

7 days

B.

30 days

C.

14 days

D.

90 days

Question 23

What does an analyst need to do before configuring the QRadar Use Case Manager app?

Options:

A.

Create a privileged user.

B.

Run a QRadar health check.

C.

Check the license agreement.

D.

Create an authorized service token.

Question 24

How long will an AQL statement remain in execution if a time criteria is not specified, such as start, end, or last?

Options:

A.

30 minutes

B.

10 minutes

C.

15 minutes

D.

5 minutes

Question 25

What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?

Options:

A.

User tuning

B.

Category definition

C.

Policy

D.

Host definition

Question 26

AQRadar analyst can check the rule coverage of MITRE ATT&CK tactics and techniques by using Use Case Manager.

In the Use Case Manager app, how can a QRadar analyst check the offenses triggered and mapped to MITRE ATT&CK framework?

Options:

A.

By navigating to "CRE Report"

B.

From Offenses tab

C.

By clicking on "Tuning Home"

D.

By navigating to "Detected in timeframe"

Question 27

How can an analyst improve the speed of searches in QRadar?

Options:

A.

Narrow the overall data by adding an indexed field in the search query.

B.

Increase the overall data in the search query.

C.

Use Index Management to disable indexing.

D.

Remove all indexed fields from the search query.

Question 28

What are two (2) Y-axis types that are available in the scatter chart type in the Pulse app?

Options:

A.

Linear

B.

Log

C.

General

D.

Threshold

E.

Dynamic

Question 29

Which condition is required to display the "Include in my Dashboard" parameter in the Log Activity tab while saving a search?

Options:

A.

Filter the columns that are listed in the Available Columns list and disable the Enable Unique Counts to display the flow counts instead of average counts over Real Time

B.

This parameter is only displayed if the search is grouped

C.

The search must be set to Advanced Search and must be propagated with a high level of confidence

D.

The result limits cannot be empty and not in a group

Question 30

Which two (2) dashboards in the Pulse app by default?

Options:

A.

Active threats

B.

System metrics

C.

Summary view

D.

Compliance overview

E.

Offense overview

Question 31

To verify whether the login ID that was used to log in to QRadar is assigned to a user, create a list with the LoginlD parameter.

This example refers to what kind of reference data collections?

Options:

A.

Reference map of maps

B.

Reference login

C.

Reference map

D.

Reference set

Question 32

After analyzing an active offense where many source systems were observed connecting to a specific destination via local-to-local LDAP traffic, an ^lyst discovered that the targeted system is a legitimate LDAP server within the organization.

x avoid confusion in future analyses, how can this type of traffic to the target system be flagged as expected and be excluded from further offense ation?

Options:

A.

Add the IP address of the LDAP server to the BB:Host Definition: LDAP Servers building block.

B.

Remove the IP address of the source systems from the Global False Positive Events building block.

C.

Add the IP address of the source systems to the All Default Positive building block.

D.

Remove the IP address of the LDAP server from the network hierarchy.

Question 33

Which kind of information do log sources provide?

Options:

A.

User login actions

B.

Operating system updates

C.

Flows generated by users

D.

Router configuration exports.

Question 34

The Use Case Manager app has an option to see MITRE heat map.

Which two (2) factors are responsible for the different colors in MITRE heat map?

Options:

A.

Number of offenses generated

B.

Number of events associated to offense

C.

Number of rules mapped

D.

Level of mapping confidence

E.

Number of log sources associated

Question 35

Which type of rule should you use to test events or (lows for activities that are greater than or less than a specified range?

Options:

A.

Behavioral rules

B.

Anomaly rules

C.

Custom rules

D.

Threshold rules

Question 36

Which type of rule requires a saved search that must be grouped around a common parameter

Options:

A.

Flow Rule

B.

Event Rule

C.

Common Rule

D.

Anomaly Rule

Question 37

A QRadar analyst wants predefined searches, reports, custom rules, and custom properties for HIPAA compliance.

Which option does the QRadar analyst use to look for HIPAA compliance on QRadar?

Options:

A.

Use Case Manager app

B.

QRadar Pulse app

C.

IBM X-Force Exchange portal to download content packs

D.

IBM Fix Central to download new rules

Question 38

Which two (2) options are used to search offense data on the By Networks page?

Options:

A.

Raw/Flows

B.

Events/Flows

C.

NetIP

D.

Severity

E.

Network

Question 39

When examining lime fields on Event Information, which one represents the time QRadar received the raw event?

Options:

A.

Processing Time

B.

Log Source Time

C.

Start Time

D.

Storage Time

Question 40

A Security Analyst was asked to search for an offense on a specific day. The requester was not sore of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.

Which fitters can the Security Analyst use to search for the information requested?

Options:

A.

Offense ID, Source IP, Username

B.

Magnitude, Source IP, Destination IP

C.

Description, Destination IP. Host Name

D.

Specific Interval, Username, Destination IP

Question 41

A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?

Options:

A.

The full list of AQL databases, functions and fields (properties) is displayed.

B.

The full list of AQL tables and relationships from a database is displayed.

C.

The full list of AOL functions, fields (properties), and keywords is displayed.

D.

The full list of AQL functions, tables, and views from a database is displayed.

Demo: 41 questions
Total 139 questions