IBM Security QRadar SIEM V7.2.6 Associate Analyst

Question 1

What are three examples of a custom Dashboard? (Choose three.)

A. Internet Threat Information Center

B. Top Applications

C. Most Recent Offenses

D. Asset View

E. Tabs which are accessible

F. Source and Destination DNS

Correct Answer: B,C,F

Question 2

Where can a user add a note to an offense in the user interface?

A. Dashboard and Offenses Tab

B. Offenses Tab and Offense Detail Window

C. Offenses Detail Window, Dashboard, and Admin Tab

D. Dashboard, Offenses Tab, and Offense Detail Window

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 3

What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?

A. Category

B. Source IP

C. Destination IP

D. Rules

Correct Answer: D

Question 4

A Security Analyst was asked to search for an offense on a specific day.
The requester was not sore of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which fitters can the Security Analyst use to search for the information requested?

A. Specific Interval, Username, Destination IP

B. Magnitude, Source IP, Destination IP

C. Offense ID, Source IP, Username

D. Description, Destination IP. Host Name

Correct Answer: A

Question 5

What is a key difference between the magnitude of an event and the magnitude of an offense?

A. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense can only increase.

B. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense can increase or decrease over time.

C. The magnitude of an event is derived from the current magnitude of the offense it creates, the magnitude of an offense can increase or decrease overtime.

D. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense is derived when the offense is created and does not vary.

Correct Answer: B

Question 6

What is the definition of asset profile on QRadar?

A. It is any network endpoint that sends or receives data across a network infrastructure.

B. It is an application used to configure and distribute settings to devices and computers in an organization, school, or business.

C. It is the information servers and hosts in a network provide to assist users when resolving security issues.

D. It is all the information that IBM Security QRadar SIEM collected over time about a specific asset.

Correct Answer: D

Question 7

Which QRadar add-on component can quickly retrace the step-by-step actions of an attacker?

A. QRadar Flow Collector

B. QRadar Incident Forensics

C. QRadar Risk Manager

D. QRadar Vulnerability Manager

Correct Answer: A

Question 8

What is the default reason for closing an Offense within QRadar?

A. Acceptable Traffic

B. Non-Issue

C. Actioned

D. Blocked Traffic

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 9

Which capability is common to both Rules and Building Blocks?

A. Rules and Building Blocks can both be Enabled/Disabled through the GUI.

B. Rules and Building blocks both have the same selection of tests.

C. Rules and Building Blocks both have Actions; Building Blocks do not have Responses.

D. Rules and Building Blocks both set the Magnitude of an Event.

Correct Answer: C

IBM Security QRadar SIEM V7.2.6 Associate Analyst - C2150-612 Exam Practice Test

Latest Update

Useful Links

Contact Us