New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

C1000-162 IBM Security QRadar SIEM V7.5 Analysis Questions and Answers

Questions 4

Which kind of information do log sources provide?

Options:

A.

User login actions

B.

Operating system updates

C.

Flows generated by users

D.

Router configuration exports.

Buy Now
Questions 5

What is the effect of toggling the Global/Local option to Global in a Custom Rule?

Options:

A.

It allows a rule to compare events & flows in real time.

B.

It allows a rule to analyze the geographic location of the event source.

C.

It allows rules to be tracked by the central processor for detection by any Event Processor.

D.

It allows a rule to inject new events back into the pipeline to affect and update other incoming events.

Buy Now
Questions 6

A task is set up to identify events that were missed by the Custom Rule Engine. Which two (2) types of events does an analyst look for?

Options:

A.

Log Only Events sent to a Data Store

B.

High Level Category: User Defined Events

C.

Forwarded Events to different destination

D.

High Level Category Unknown Events

E.

Low Level Category: Stored Events

Buy Now
Questions 7

Which statement regarding the use of the internal structured language of the QRadar database is true?

Options:

A.

Use AQL to extract, filter, and perform actions on event and flow data that you extract from the Ariel database

B.

Use AQL to extract, filter and manipulate event, flow and use cases data from the Ariel database

C.

Use AQL to accelerate and make tuning event and flow data from the Ariel database

D.

Use AQL to accelerate and make tuning event, flow and use cases data from the Ariel database

Buy Now
Questions 8

An analyst wants to share a dashboard in the Pulse app with colleagues.

The analyst exports the dashboard by using which format?

Options:

A.

CSV

B.

JSON

C.

XML

D.

PHP

Buy Now
Questions 9

Reports can be generated by using which file formats in QRadar?

Options:

A.

PDF, HTML, XML, XLS

B.

JPG, GIF, BMP, TIF

C.

TXT, PNG, DOC, XML

D.

CSV, XLSX, DOCX, PDF

Buy Now
Questions 10

On the Reports tab in QRadar. what does the message "Queued (position in the queue)" indicate when generating a report?

Options:

A.

The report is scheduled to run, and the message is a count-down timer that specifies when the report will run next.

B.

The report is ready to be viewed in the Generated Reports column.

C.

The report is generating.

D.

The report is queued for generation and the message indicates the position of the report in the queue.

Buy Now
Questions 11

What QRadar application can help you ensure that IBM GRadar is optimally configured to detect threats accurately throughout the attack chain?

Options:

A.

Rules Reviewer

B.

Log Source Manager

C.

QRadar Deployment Intelligence

D.

Use Case Manager

Buy Now
Questions 12

Which of the configured parameters is found in the Event Details page?

Options:

A.

Event Processor UUID

B.

High Level Category

C.

Log Source Time

D.

Log Source Group

Buy Now
Questions 13

Where can you view a list of events associated with an offense in the Offense Summary window?

Options:

A.

Destination IPs

B.

Events from Event/Flow count column

C.

Display > Destination IPs

D.

Source IPs

Buy Now
Questions 14

When investigating an offense, how does one find the number of flows or events associated with it?

Options:

A.

EvenVFIow count field

B.

List Events/Flows

C.

Export count to CSV

D.

Display > Events

Buy Now
Questions 15

What types of data does a Quick filter search operate on?

Options:

A.

Raw event or flow data

B.

Flow or parsing data

C.

Raw event or processed data

D.

Flow or processed data

Buy Now
Questions 16

What does this example of a YARA rule represent?

Options:

A.

Flags containing hex sequence and str1 less than three times

B.

Flags content that contains the hex sequence, and hex! at least three times

C.

Flags for str1 at an offset of 25 bytes into the file

D.

Flags content that contains the hex sequence, and str1 greater than three times

Buy Now
Questions 17

A Security Analyst was asked to search for an offense on a specific day. The requester was not sore of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.

Which fitters can the Security Analyst use to search for the information requested?

Options:

A.

Offense ID, Source IP, Username

B.

Magnitude, Source IP, Destination IP

C.

Description, Destination IP. Host Name

D.

Specific Interval, Username, Destination IP

Buy Now
Questions 18

Events can be exported from the QRadar Log Activity tab in which file formats?

Options:

A.

JSON. XML, and CSV

B.

XLS and CSV

C.

JSON and XML

D.

XML and CSV

Buy Now
Questions 19

From the Offense Summary window, how is the list of rules that contributed to a chained offense identified?

Options:

A.

Select Display > Notes

B.

Select Actions > Rules

C.

Select Display > Rules

D.

Listed in the notes section

Buy Now
Questions 20

AQRadar analyst can check the rule coverage of MITRE ATT&CK tactics and techniques by using Use Case Manager.

In the Use Case Manager app, how can a QRadar analyst check the offenses triggered and mapped to MITRE ATT&CK framework?

Options:

A.

By navigating to "CRE Report"

B.

From Offenses tab

C.

By clicking on "Tuning Home"

D.

By navigating to "Detected in timeframe"

Buy Now
Questions 21

Which two (2) types of data can be displayed by default in the Application Overview dashboard?

Options:

A.

Login Failures by User {real-time)

B.

Flow Rate (Flows per Second - Peak 1 Min)

C.

Top Applications (Total Bytes)

D.

Outbound Traffic by Country (Total Bytes)

E.

ICMP Type/Code (Total Packets)

Buy Now
Questions 22

Which condition is required to display the "Include in my Dashboard" parameter in the Log Activity tab while saving a search?

Options:

A.

Filter the columns that are listed in the Available Columns list and disable the Enable Unique Counts to display the flow counts instead of average counts over Real Time

B.

This parameter is only displayed if the search is grouped

C.

The search must be set to Advanced Search and must be propagated with a high level of confidence

D.

The result limits cannot be empty and not in a group

Buy Now
Questions 23

Which two (2) are valid options available for configuring the frequency of report execution in the QRadar Report wizard?

Options:

A.

Quarterly

B.

Automatically

C.

Monthly

D.

Yearly

E.

Manually

Buy Now
Questions 24

Which two (2) tasks are uses of the QRadar network hierarchy?

Options:

A.

Understand network traffic

B.

Monitor traffic and profile the behavior of each group and host within the group

C.

Monitor risky users within your organization

D.

Determine and identify Command and Control systems

E.

Monitor network devices

Buy Now
Questions 25

What can be considered a log source type?

Options:

A.

ICMP

B.

SNMP

C.

Juniper IOP

D.

Microsoft SMBtail

Buy Now
Questions 26

Which parameters are used to calculate the magnitude rating of an offense?

Options:

A.

Relevance, credibility, time

B.

Severity, relevance, credibility

C.

Relevance, urgency, credibility

D.

Severity, impact, urgency

Buy Now
Questions 27

How long will an AQL statement remain in execution if a time criteria is not specified, such as start, end, or last?

Options:

A.

30 minutes

B.

10 minutes

C.

15 minutes

D.

5 minutes

Buy Now
Questions 28

An analyst runs a search with correct AQL. but no errors or results are shown.

What is one reason this could occur?

Options:

A.

The Quick Filter option is selected.

B.

The AQL search needs to be saved as a Quick Search before it can display any query.

C.

Microsoft Edge is not a supported browser.

D.

AQL search needs to be enabled in System Settings.

Buy Now
Questions 29

How can an analyst identify the top rules that generated offenses in the previous week and were closed as false positives or tuned?

Options:

A.

From Reports > Offenses Report > Weekly reports > False positives reports

B.

Use Case Manager app > Active Rules > Filter Offenses with start date > Closure Reason > Select False-Positive, Tuned

C.

Use Case Manager app > CRE Report > Filter Offenses with the following direction > R2R > Select False-Positive, Tuned.

D.

From Reports > CRE Report > Weekly reports > False positives reports

Buy Now
Questions 30

New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?

Options:

Buy Now
Questions 31

A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.

What parameter and value should the analyst add as filter in the event search?

Options:

A.

Associated with Offense is True

B.

Associated with Rule is True

C.

Associated with Rule is False

D.

Associated with Offense is False

Buy Now
Questions 32

How can an analyst search for all events that include the keyword "access"?

Options:

A.

Go to the Network Activity tab and run a quick search with the "access" keyword.

B.

Go to the Log Activity tab and run a quick search with the "access" keyword.

C.

Go to the Offenses tab and run a quick search with the "access" keyword.

D.

Go to the Log Activity tab and run this AOL: select * from events where eventname like 'access'.

Buy Now
Questions 33

Which parameter is calculated based on the relevance, severity, and credibility of an offense?

Options:

A.

Magnitude rating

B.

Severity age

C.

Impact rating

Buy Now
Questions 34

Which type of rule requires a saved search that must be grouped around a common parameter

Options:

A.

Flow Rule

B.

Event Rule

C.

Common Rule

D.

Anomaly Rule

Buy Now
Questions 35

An analyst wants to implement an AQL search in QRadar. Which two (2) tabs can be used to accomplish this implementation?

Options:

A.

Assets

B.

Vulnerabilities

C.

Log Activity

D.

Offenses

E.

Network Activity

Buy Now
Questions 36

What does an analyst need to do before configuring the QRadar Use Case Manager app?

Options:

A.

Create a privileged user.

B.

Create an authorized service token.

C.

Check the license agreement.

D.

Run a QRadar health check.

Buy Now
Questions 37

A new log source was configured to send events to QRadar to help detect a malware outbreak. A security analyst has to create an offense based on properties from this payload but not all the information is parsed correctly.

What is the sequence of steps to ensure that the correct information is pulled from the payload to use in a rule?

Options:

Buy Now
Questions 38

What does an analyst need to do before configuring the QRadar Use Case Manager app?

Options:

A.

Create a privileged user.

B.

Run a QRadar health check.

C.

Check the license agreement.

D.

Create an authorized service token.

Buy Now
Questions 39

Which type of rule should you use to test events or (lows for activities that are greater than or less than a specified range?

Options:

A.

Behavioral rules

B.

Anomaly rules

C.

Custom rules

D.

Threshold rules

Buy Now
Questions 40

A Security Analyst has noticed that an offense has been marked inactive.

How long had the offense been open since it had last been updated with new events or flows?

Options:

A.

1 day + 30 minutes

B.

5 days + 30 minutes

C.

10 days + 30 minutes

D.

30 days + 30 minutes

Buy Now
Questions 41

Which statement regarding saved event search criteria is true?

Options:

A.

Saved search criteria expires

B.

Saved search criteria does not expire

C.

Saved search criteria cannot be reused

D.

You cannot define the name of the saved search criteria

Buy Now
Exam Code: C1000-162
Exam Name: IBM Security QRadar SIEM V7.5 Analysis
Last Update: Dec 27, 2024
Questions: 139
C1000-162 pdf

C1000-162 PDF

$25.5  $84.99
C1000-162 Engine

C1000-162 Testing Engine

$30  $99.99
C1000-162 PDF + Engine

C1000-162 PDF + Testing Engine

$40.5  $134.99