Which of these statements regarding the network activity tab is true?

You can search, monitor, and investigate flow data in real time. You also can run advanced searches to filter the displayed flows. View flow information to determine how and what network traffic is communicated.

You can not display interactive time series charts that represent the records that are matched by a specific time interval search

You can not save configured search criteria so that you can reuse the criteria and use the saved search criteria in other components, such as reports. Saved search criteria does not expire.

You can search, monitor, and investigate events data in real time. You also can run advanced searches to filter the displayed events. View event information to determine how and what database traffic is communicated.

Based on which factors will the magistrate prioritize the offenses and assign the magnitude values?

Risk, severity, and number of events

Credibility, priority, and number of events

What parameters can an analyst define while configuring a new reference set in Admin Tab in Reference Set Management?

Name, Type, Time to Live, Expiration

Rule Name, Response, Value, Origin

Category Name, Group, Date Last Seen, Value

How can a QRadar analyst identify the gap between the rules deployed on QRadar and rules needed to cover the security use cases?

Use the content extension filters on Use Case Manager app

Use the Offense tab to add new rules

Use the IBM X-Force Exchange portal

In QRadar, what do threshold rules test events and flows for?

Test against incoming flow data that is processed by the QRadar Flow Processor

Test events or flows for activity that is greater than or less than a specified range

Test events or flows for volume changes that occur in regular patterns to detect outliers

Test event and flow traffic for changes in short-term events when you are comparing against a longer timeframe

What must be configured for QRadar to determine flow traffic directions and benefit to from useful building blocks in rules?

X-Force Indicators of Compromise

To take advantage of lazy search, what must the analyst's profile contain?

Configured permission to access the network tab

Configured domain for the type of data being searched and non-administrator security profile

Configured tenant for the data searched and required resource restriction for the search query

Configured permission precedence to no restrictions and access to all networks and log sources

An analyst reviewed an active offense that was conducted by many users, generating many events in the same category, targeting many systems. Upon further analysis, the analyst determined that the traffic from the Source IP is a new legitimate Nessus scanner and should not contribute to the offenses. Which tuning methodology guideline can the analyst use to tune out this traffic?

Add the IP to the Exclude from Analytics Reference Set

Add a Routing Rule to drop the events seen from the Source IP

Add the hostname to the BB: VA Scanner Source Host building block

Add the IP address to the BB: VA Scanner Source IP building block

What is the correct order of the steps for configuring a dashboard item?

Select the dashboard that contains the item you want to customize

On the header of the dashboard item you want to configure, click the Settings icon

Which statement about shared dashboards in the Pulse app is true?

Users can see the default dashboard parameter values

Any updates that you make to the shared dashboard are seen by other users

Shared dashboards can be shared again to additional users

The shared dashboard has the privileges of the original user

What option must be selected to use a custom property to index an offense?

Enable for use in Rules, Forwarding Profiles, and Search Indexing.

Enable for use in Routing Rules, Event Forwarding, and Flow Indexing.

Ensure the detected event is part of an offense and the property type must be extraction based.

Ensure the detected event is part of an offense and the custom property field type must be alphanumeric.

An analyst copied a query from a Microsoft Word document that the team manager provided. Select Qidname(qid) as ‘Event Name’ From events Last 1 hours When the analyst attempted to run the query an error occurred. What is the cause of the error?

The query is using SQL language syntax and need to be adapted to the updated AQL v.420

A semi-colon must be used between each line.

Single quotation marks need to be retyped when copied.

Queries copied from outside QRadar must be in one line.

What is the procedure for duplicating a report from the Reports tab?

Click Action > Duplicate Report Select the report to duplicate and click Finish

Right-click the report to duplicate Click Duplicate and type a new name for the report

Click Actions, then select the report to duplicate from the pop-up window Click Duplicate and type a new name for the report

Highlight the report to duplicate by left-clicking on it once. From the Actions list, click Duplicate and type a new name for the report

An analyst is investigating rules that are deployed in the QRadar deployment. Where does the analyst determine which rules are most active in generating offenses?

In the Offenses tab, on the Rules menu, checking the Offense Count column

In the Offenses tab, on the All Offenses menu, checking the Flows column

In the Offenses tab, on the My Offenses menu, checking the Events column

In the Offenses tab, on the Rules menu, checking the Events/Flow Count column

What are two (2) reasons for using the QRadar Use Case Manager app?

Ensure that QRadar is optimally configured to accurately detect threats throughout the attack chain

Expose pre-defined mappings to system rules and helps you map your own custom rules to MITRE ATT&CK tactics and techniques.

Communicate insights and analysis about your network

Present data in graph format, so you can quickly assess the vulnerabilities in your network.

Determine the risk profiles of users inside your network and to take action when the app alerts you to threat.

An analyst enabled the Source Network property index one month ago. What is the reason that the "% of Searches Using Property" column is zero?

The index is not used in the searches.

The index was not saved correctly.

Percentages might not roll-up correctly due to rounding error.

How can a QRadar analyst quickly locate results when searching for a specific result from large data sets or long time frames?

Add an indexed filter, such as a Log Source Type, Event Name, or Source IP.

Start the searches without any filters.

Add only a payload filter to the search.

Add any filter that does not have [Indexed] appended to it.

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

Authored by Number One

Business

Professional Development

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

40 questions

Show all answers

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two (2) statements about offense chaining are true?

Offense chaining causes performance issues in IBM QRadar

Offense chaining is based on the offense index field that is specified on the rule

Offense chaining is based on the generated CRE event that is specified in the rule response

A chained offense is identifiable when "preceded by" is in the Descriptions field on the Offense Summary page

If the rule is configured to use the Source IP address as the offense index field, there is only one offense that has that Source IP address, regardless of the offense status

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Offense chaining is possible based on which parameter?

Rule type

Rule response

Offense index field

Rule response limiter

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In QRadar, where is a list of offenses displaying associated source IP addresses?

Offense Summary > By Source IP

Offense Summary > New Search > Advanced Search

Log Activity > Offense Source Summary > Offenses

Log Activity > Add Filter > Source IP > offense_assigned

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A QRadar analyst can export MITRE mappings, which can later be imported into another QRadar deployment. What is another use for the exported MITRE mappings?

Mappings can be a log source configuration backup solution

The export can be a log source group configuration backup solution

MITRE coverage file can be imported into MITRE ATT&CK Navigator

The export contains event details which can be re-run by using the QRadar Experience Center app

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which parameter indicates the reliability of an offense configured in the log source, and is boosted when multiple sources report the same event?

Relevance

Credibility

Event severity

Trustworthiness log

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two (2) types of information are taken into consideration when calculating the magnitude of an offense?

The number of rules matched to the offense

The number of searches associated with the offense

The CVSS score of the log sources that are involved in the offense

The number of events and flows that are associated with the offense

The categories, severity, relevance, and credibility of the events and flows that contribute to the offense

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What are events called when they are classified in the proper log source?

Stored events

Parsed events

Payload events

Unknown events

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

43 questions

Administrative Environment Quiz

Quiz

•

Professional Development

39 questions

Risk Management

Quiz

•

Professional Development

40 questions

NO BRAINER - ETHEREAL

Quiz

•

University - Professi...

40 questions

Ujian Akhir In Class 2 - SHDP 4

Quiz

•

Professional Development

35 questions

CA Quiz

Quiz

•

Professional Development

35 questions

G140-Unit E01

Quiz

•

Professional Development

38 questions

ติวสอบกลางภาค ปวช.2/1 วิชา Excel

Quiz

•

Professional Development

41 questions

Chapter 7 Management Roles, Functions, and Skills Part 2

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Business

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

Exam C1000-162: IBM Security QRadar SIEM V7.5 Analysis

Which two (2) statements about offense chaining are true?

Offense chaining is possible based on which parameter?

In QRadar, where is a list of offenses displaying associated source IP addresses?

A QRadar analyst can export MITRE mappings, which can later be imported into another QRadar deployment. What is another use for the exported MITRE mappings?

Which parameter indicates the reliability of an offense configured in the log source, and is boosted when multiple sources report the same event?

Which two (2) types of information are taken into consideration when calculating the magnitude of an offense?

What are events called when they are classified in the proper log source?

Which of these statements regarding the network activity tab is true?

Which two (2) options are valid to exclude offenses from offense search results?

Based on which factors will the magistrate prioritize the offenses and assign the magnitude values?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Business