IBM QRadar SIEM V7.3.2 Fundamental Analysis - C1000-018 Exam Practice Test

Question 1

An analyst has been asked to search for a firewall device that was assigned to a specific address range in the past week.
What method can the analyst use to perform the search that uses simple words or phrases?

A. Export the event data and import it to the spreadsheet for searching.

B. Utilize the Natural Language Query module for searching event data.

C. Write a search query using the Ariel Query Language and regex.

D. Use Quick Filter to perform the search for event data.

Correct Answer: A

Question 2

Which use case type is appropriate for VPN log sources? (Choose two.)

A. Securing the Cloud

B. Insider Threat

C. Advanced Persistent Threat (APT)

D. Critical Data Protection

Correct Answer: B,C

Question 3

An analyst is reviewing a rule that is configured to create an Offense indexed by a uri domain name. But even after validating all the rule conditions, an Offense is not generated.
What could be the reason for this kind of behaviour?

A. Custom property url domain name is empty in the events.

B. Normalized property Source IP is empty in the events.

C. Custom property Eventname is empty in the events.

D. Normalized property url domain name is empty in the events.

Correct Answer: C

Question 4

To provide insight into why QRadar considers the event to be threatening, what does QRadar add to the Offense that users cannot edit or delete?

A. Attack path

B. Source IP

C. Location

D. Annotations

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

An analyst has been assigned a task to modify a rule in such a manner that Source IP of the triggered Offense from this rule should be stored in a Reference set.
Under which section of the rule wizard can the analyst achieve this?

A. Rule Test Stack Editor

B. Rule Action

C. Rule Response Limiter

D. Rule Response

Correct Answer: A

Question 6

The Network Hierarchy is an important part of the system configuration. It can be used to tune out a large number of False Positive Offenses from the standard QRadar rules.
What is the Network Hierarchy?

A. The Network Hierarchy can be used in all Rules and is accessed from the False Positive button in the Network Activity Tab.

B. The Network Hierarchy can be used in section of the Admin Tab. accessed from the System Configuration.

C. The Network Hierarchy can be used only in Flow Rules and is accessed from the False Positive button in the Network Activity Tab.

D. There are separate Network Hierarchies for Flow and Event Rules. They are accessed from the False Positive button in the corresponding Activity Tab.

Correct Answer: D

IBM QRadar SIEM V7.3.2 Fundamental Analysis - C1000-018 Exam Practice Test

Latest Update

Useful Links

Contact Us