11.11 Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

C1000-162 Sample Questions Answers

Questions 4

Which IBM X-Force Exchange feature could be used to query QRadar to see if any of the lOCs were detected for COVID-19 activities?

Options:

A.

TAXI I automatic updates

B.

STIX Bundle

C.

Threat Intelligence ATP

D.

Ami Affected

Buy Now
Questions 5

Select all that apply

What is the sequence to create and save a new search called "Offense Data" that shows all the CRE events that are associated with offenses?

Options:

Buy Now
Questions 6

New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?

Options:

Buy Now
Questions 7

An analyst wants to share a dashboard in the Pulse app with colleagues.

The analyst exports the dashboard by using which format?

Options:

A.

CSV

B.

JSON

C.

XML

D.

PHP

Buy Now
Questions 8

In Rule Response, which two (2) options are available for Offense Naming?

Options:

A.

This information should be removed from the current name of the associated offenses

B.

This information should contribute to (he name of the associated offenses

C.

This information should set or replace the name of the associated offenses

D.

This information should contribute to the dispatched event name of the associated offenses.

E.

This information should contribute to the category naming of the associated offenses

Buy Now
Questions 9

A QRadar analyst wants predefined searches, reports, custom rules, and custom properties for HIPAA compliance.

Which option does the QRadar analyst use to look for HIPAA compliance on QRadar?

Options:

A.

Use Case Manager app

B.

QRadar Pulse app

C.

IBM X-Force Exchange portal to download content packs

D.

IBM Fix Central to download new rules

Buy Now
Questions 10

A task is set up to identify events that were missed by the Custom Rule Engine. Which two (2) types of events does an analyst look for?

Options:

A.

Log Only Events sent to a Data Store

B.

High Level Category: User Defined Events

C.

Forwarded Events to different destination

D.

High Level Category Unknown Events

E.

Low Level Category: Stored Events

Buy Now
Questions 11

a selection of events for further investigation to somebody who does not have access to the QRadar system.

Which of these approaches provides an accurate copy of the required data in a readable format?

Options:

A.

Log in to the Command Line Interface and use the ACP tool (/opt/qradar/bin/runjava.sh com.qllabs .ariel. Io.acp) with the necessary AQLfilters and destination directory.

B.

Use the Advanced Search option in the Log Activity tab, run an AQL command: copy (select * from events last 2 hours) to ’output_events.csv’ WITH CSV.

C.

Use the "Event Export (with AQL)" option in the Log Activity tab, test your query with the Test button. Then, to run the export, click Export to CSV.

D.

Use the Log Activity tab, filter the events until only those that you require are shown. Then, from the Actions list, select Export to CSV > Full Export (All Columns).

Buy Now
Questions 12

When searching for all events related to "Login Failure", which parameter should a security analyst use to filter the events?

Options:

A.

Event Asset Name

B.

Event Collector

C.

Anomaly Detection Event

D.

Event Name

Buy Now
Questions 13

Which parameters are used to calculate the magnitude rating of an offense?

Options:

A.

Relevance, urgency, credibility

B.

Relevance, credibility, time

C.

Severity, relevance, credibility

D.

Severity, impact, urgency

Buy Now
Questions 14

Create a list that stores Username as the first key. Source IP as the second key with an assigned cidr data type, and Source Port as the value.

The example above refers to what kind of reference data collections?

Options:

A.

Reference map of sets

B.

Reference store

C.

Reference table

D.

Reference map

Buy Now
Questions 15

What is the default number of notifications that the System Notification dashboard can display?

Options:

A.

50 notifications

B.

20 notifications

C.

10 notifications

D.

5 notifications

Buy Now
Questions 16

Which two (2) AQL functions are used for calculations and formatting?

Options:

A.

INCIDR

B.

START

C.

LOWER

D.

STRLEN

E.

GROUP BY

Buy Now
Questions 17

Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?

Options:

A.

Information

B.

Asset Summary page

C.

Navigate

D.

WHOIS Lookup

E.

DNS Lookup

Buy Now
Questions 18

A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.

What parameter and value should the analyst add as filter in the event search?

Options:

A.

Associated with Offense is True

B.

Associated with Rule is True

C.

Associated with Rule is False

D.

Associated with Offense is False

Buy Now
Questions 19

Which of these statements regarding the deletion of a generated content report is true?

Options:

A.

Only specific reports that were not generated from the report template as well as the report template are deleted.

B.

All reports that were generated from the report template are deleted, but the report template is retained.

C.

All reports that were generated from the report template as well as the report template are deleted.

D.

Only specific reports that were not generated from the report template are deleted, but the report template is retained.

Buy Now
Questions 20

Which statement regarding saved event search criteria is true?

Options:

A.

Saved search criteria expires

B.

Saved search criteria does not expire

C.

Saved search criteria cannot be reused

D.

You cannot define the name of the saved search criteria

Buy Now
Questions 21

What are the behavioral rule test parameter options?

Options:

A.

Behavioral rule. Current traffic level, Predicted value

B.

Season, Anomaly detection. Current traffic trend

C.

Season, Current traffic level, Predicted value

D.

Current traffic behavior. Behavioral rule. Current traffic level

Buy Now
Questions 22

Which two (2) options are used to search offense data on the By Networks page?

Options:

A.

Raw/Flows

B.

Events/Flows

C.

NetIP

D.

Severity

E.

Network

Buy Now
Questions 23

A QRadar analyst is using the Log Activity screen to investigate the events that triggered an offense.

How can the analyst differentiate events that are associated with an offense?

Options:

A.

A red star icon in the first column of event list indicates a fully-matched event

B.

Fully matched events are not indexed

C.

Separate columns named 'Paritally matched’ and 'Fully matched' are populated

D.

Partially matched events are not indexed

Buy Now
Questions 24

What type of rules will test events or flows for volume changes that occur in regular patterns to detect outliers?

Options:

A.

Behavioral rules

B.

Anomaly rules

C.

Custom rules

D.

Threshold rules

Buy Now
Questions 25

A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?

Options:

A.

The full list of AQL databases, functions and fields (properties) is displayed.

B.

The full list of AQL tables and relationships from a database is displayed.

C.

The full list of AOL functions, fields (properties), and keywords is displayed.

D.

The full list of AQL functions, tables, and views from a database is displayed.

Buy Now
Questions 26

A new log source was configured to send events to QRadar to help detect a malware outbreak. A security analyst has to create an offense based on properties from this payload but not all the information is parsed correctly.

What is the sequence of steps to ensure that the correct information is pulled from the payload to use in a rule?

Options:

Buy Now
Questions 27

What types of data does a Quick filter search operate on?

Options:

A.

Raw event or flow data

B.

Flow or parsing data

C.

Raw event or processed data

D.

Flow or processed data

Buy Now
Questions 28

What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?

Options:

A.

User tuning

B.

Category definition

C.

Policy

D.

Host definition

Buy Now
Questions 29

What two (2) guidelines should you follow when you define your network hierarchy?

Options:

A.

Do not configure a network group with more than 15 objects.

B.

Organize your systems and networks by role or similar traffic patterns.

C.

Use the autoupdates feature to automatically populate the network hierarchy.

D.

Import scan results into QRadar.

E.

Use flow data to build the asset database.

Buy Now
Questions 30

Which parameter is calculated based on the relevance, severity, and credibility of an offense?

Options:

A.

Magnitude rating

B.

Severity age

C.

Impact rating

Buy Now
Questions 31

Where can you view a list of events associated with an offense in the Offense Summary window?

Options:

A.

Destination IPs

B.

Events from Event/Flow count column

C.

Display > Destination IPs

D.

Source IPs

Buy Now
Questions 32

What does this example of a YARA rule represent?

rule ibm_forensics : qradar

meta:

description = “Complex Yara rule.“

strings:

Shexl = {4D 2B 68 00 ?? 14 99 F9 B? 00 30 Cl 8D}

Sstrl = "IBM Security!"

condition:

Shexl and (#strl > 3)

Options:

A.

Flags content that contains the hex sequence, and hex1 at least three times

B.

Flags containing hex sequence and str1 less than three times

C.

Flags for str 1 at an offset of 25 bytes into the file

D.

Flags content that contains the hex sequence, and str1 greater than three times

Buy Now
Questions 33

Which kind of information do log sources provide?

Options:

A.

User login actions

B.

Operating system updates

C.

Flows generated by users

D.

Router configuration exports.

Buy Now
Questions 34

On the Offenses tab, which column explains the cause of the offense?

Options:

A.

Description

B.

Offense Type

C.

Magnitude

D.

IPs

Buy Now
Questions 35

An analyst wants to implement an AQL search in QRadar. Which two (2) tabs can be used to accomplish this implementation?

Options:

A.

Assets

B.

Vulnerabilities

C.

Log Activity

D.

Offenses

E.

Network Activity

Buy Now
Questions 36

Which are types of reference data collections in QRadar?

Options:

A.

Reference set. Reference data, and Reference rule

B.

Reference set, Reference map. and Reference map of maps

C.

Reference data. Reference table, and Reference event

D.

Reference event, Reference map of sets, and Reference data

Buy Now
Questions 37

What is the primary use of viewing the Magnitude metric on the Offenses tab?

Options:

A.

Determine which events to investigate last.

B.

Determine the credibility rating that is configured in the log source.

C.

Understand the type of offense we are facing.

D.

Identify the importance of the offense in your environment.

Buy Now
Questions 38

Several systems were initially reviewed as active offenses, but further analysis revealed that the traffic generated by these source systems is legitimate and should not contribute to offenses.

How can the activity be fine-tuned when multiple source systems are found to be generating the same event and targeting several systems?

Options:

A.

Edit the building blocks by using the Custom Rules Editor to tune out a destination IP

B.

Use the Log Source Management app to tune the event

C.

Edit the building blocks by using the Custom Rules Editor to tune out the specific event

D.

Edit the building blocks by using the Custom Rules Editor to tune out a source IP

Buy Now
Questions 39

To test for authorized access to a patent, create a list that uses a custom event property for Patent id as the key, and the username parameter as the value. Data is stored in records that map a key to multiple values and every key is unique. Use this list to populate a list of authorized users.

The example above refers to what kind of reference data collections?

Options:

A.

Reference map of maps

B.

Reference map

C.

Reference map of sets

D.

Reference table

Buy Now
Questions 40

After analyzing an active offense where many source systems were observed connecting to a specific destination via local-to-local LDAP traffic, an ^lyst discovered that the targeted system is a legitimate LDAP server within the organization.

x avoid confusion in future analyses, how can this type of traffic to the target system be flagged as expected and be excluded from further offense ation?

Options:

A.

Add the IP address of the LDAP server to the BB:Host Definition: LDAP Servers building block.

B.

Remove the IP address of the source systems from the Global False Positive Events building block.

C.

Add the IP address of the source systems to the All Default Positive building block.

D.

Remove the IP address of the LDAP server from the network hierarchy.

Buy Now
Questions 41

After how much time will QRadar mark an Event offense dormant if no new events or flows occur?

Options:

A.

2 hours

B.

30 minutes

C.

24 hours

D.

5 minutes

Buy Now
Exam Code: C1000-162
Exam Name: IBM Security QRadar SIEM V7.5 Analysis
Last Update: Nov 8, 2024
Questions: 139
$56  $159.99
$42  $119.99
$35  $99.99
buy now C1000-162