Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

C1000-162 Sample Questions Answers

Questions 4

How long does QRadar store payload indexes by default?

Options:

A.

7 days

B.

30 days

C.

14 days

D.

90 days

Buy Now
Questions 5

When you create a report, you must choose a chart type for each chart that is included in the report.

Which two (2) chart types can you include in a report?

Options:

A.

Flows

B.

Raw Data

C.

Containers

D.

Scanners

E.

Log Sources

Buy Now
Questions 6

Which statement regarding the time series chart is true?

Options:

A.

It displays static time series charts that represent the records that match and unmatch a specific time range search

B.

It displays interactive time series charts that represent the records that match a specific time range search

C.

The length of time that is required to export your data depends on the number of parameters specified and hidden

D.

The length of time that is required to export your data depends on the number of parameters specified

Buy Now
Questions 7

A Security Analyst has noticed that an offense has been marked inactive.

How long had the offense been open since it had last been updated with new events or flows?

Options:

A.

1 day + 30 minutes

B.

5 days + 30 minutes

C.

10 days + 30 minutes

D.

30 days + 30 minutes

Buy Now
Questions 8

Which log source and protocol combination delivers events to QRadar in real time?

Options:

A.

Sophos Enterprise console via JDBC

B.

McAfee ePolicy Orchestrator via JDBC

C.

McAfee ePolicy Orchestrator via SNMP

D.

Solaris Basic Security Mode (BSM) via Log File Protocol

Buy Now
Questions 9

New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?

Options:

Buy Now
Questions 10

Which two (2) types of data can be displayed by default in the Application Overview dashboard?

Options:

A.

Login Failures by User {real-time)

B.

Flow Rate (Flows per Second - Peak 1 Min)

C.

Top Applications (Total Bytes)

D.

Outbound Traffic by Country (Total Bytes)

E.

ICMP Type/Code (Total Packets)

Buy Now
Questions 11

From the Offense Summary window, how is the list of rules that contributed to a chained offense identified?

Options:

A.

Select Display > Notes

B.

Select Actions > Rules

C.

Select Display > Rules

D.

Listed in the notes section

Buy Now
Questions 12

What happens when you select "False Positive" from the right-click menu in the Log Activity tab?

Options:

A.

You can tune out events that are known to be false positives.

B.

You can investigate an IP address or a user name.

C.

Items are filtered that match or do not match the selection.

D.

The selected event is filtered based on the selected parameter in the event.

Buy Now
Questions 13

What is the name of the data collection set used in QRadar that can be populated with lOCs or other external data?

Options:

A.

Index set

B.

Reference set

C.

IOC set

D.

Data set

Buy Now
Questions 14

Which two (2) tasks are uses of the QRadar network hierarchy?

Options:

A.

Understand network traffic

B.

Monitor traffic and profile the behavior of each group and host within the group

C.

Monitor risky users within your organization

D.

Determine and identify Command and Control systems

E.

Monitor network devices

Buy Now
Questions 15

When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?

Options:

A.

ASSETS

B.

PAYLOAD

C.

OFFENSES

D.

AOL QUERY

E.

SAVED SEARCHES

Buy Now
Questions 16

When examining lime fields on Event Information, which one represents the time QRadar received the raw event?

Options:

A.

Processing Time

B.

Log Source Time

C.

Start Time

D.

Storage Time

Buy Now
Questions 17

What is the primary use of viewing the Magnitude metric on the Offenses tab?

Options:

A.

Determine which events to investigate last.

B.

Determine the credibility rating that is configured in the log source.

C.

Understand the type of offense we are facing.

D.

Identify the importance of the offense in your environment.

Buy Now
Questions 18

Which two (2) dashboards in the Pulse app by default?

Options:

A.

Active threats

B.

System metrics

C.

Summary view

D.

Compliance overview

E.

Offense overview

Buy Now
Questions 19

Which two (2) aggregation types are available for the pie chart in the Pulse app?

Options:

A.

Last

B.

Middle

C.

Total

D.

First

E.

Average

Buy Now
Questions 20

What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?

Options:

A.

User tuning

B.

Category definition

C.

Policy

D.

Host definition

Buy Now
Questions 21

An analyst wishes to review an event which has a rules test against both event and flow data.

What kind of rule is this?

Options:

A.

Anomaly rules

B.

Threshold rules

C.

Offense rules

D.

Common rules

Buy Now
Questions 22

How long will an AQL statement remain in execution if a time criteria is not specified, such as start, end, or last?

Options:

A.

30 minutes

B.

10 minutes

C.

15 minutes

D.

5 minutes

Buy Now
Questions 23

Which two (2) options are used to search offense data on the By Networks page?

Options:

A.

Raw/Flows

B.

Events/Flows

C.

NetIP

D.

Severity

E.

Network

Buy Now
Questions 24

Which of these statements regarding the deletion of a generated content report is true?

Options:

A.

Only specific reports that were not generated from the report template as well as the report template are deleted.

B.

All reports that were generated from the report template are deleted, but the report template is retained.

C.

All reports that were generated from the report template as well as the report template are deleted.

D.

Only specific reports that were not generated from the report template are deleted, but the report template is retained.

Buy Now
Questions 25

Select all that apply

What is the sequence to create and save a new search called "Offense Data" that shows all the CRE events that are associated with offenses?

Options:

Buy Now
Questions 26

Which two (2) AQL functions are used for calculations and formatting?

Options:

A.

INCIDR

B.

START

C.

LOWER

D.

STRLEN

E.

GROUP BY

Buy Now
Questions 27

How can an analyst search for all events that include the keyword "access"?

Options:

A.

Go to the Network Activity tab and run a quick search with the "access" keyword.

B.

Go to the Log Activity tab and run a quick search with the "access" keyword.

C.

Go to the Offenses tab and run a quick search with the "access" keyword.

D.

Go to the Log Activity tab and run this AOL: select * from events where eventname like 'access'.

Buy Now
Questions 28

What does the Next Run Time column display when a report is queued for generation in QRadar?

Options:

A.

Time the report ran last

B.

Number of times the report ran

C.

Position of the report in the queue

D.

Time it takes to generate the report

Buy Now
Questions 29

What feature in QRadar uses existing asset profile data so administrators can define unknown server types and assign them to a server definition in building blocks and in the network hierarchy?

Options:

A.

Server roles

B.

Active servers

C.

Server discovery

D.

Server profiles

Buy Now
Questions 30

Which two (2) statements regarding indexed custom event properties are true?

Options:

A.

The indexed filter adds to portions of the data set.

B.

The indexed filter eliminates portions of the data set and reduces the overall data volume and number of event or flow logs that must be searched.

C.

By default, data retention for the index payload is 7 days.

D.

Indexing searches a full event payload for values.

E.

Use indexed event and flow properties to optimize your searches.

Buy Now
Questions 31

What are two characteristics of a SIEM? (Choose two.)

Options:

A.

Log Management

B.

System Deployment

C.

Endpoint Software patching

D.

Enterprise User management

E.

Event Normalization & Correlation

Buy Now
Questions 32

On the Reports tab in QRadar. what does the message "Queued (position in the queue)" indicate when generating a report?

Options:

A.

The report is scheduled to run, and the message is a count-down timer that specifies when the report will run next.

B.

The report is ready to be viewed in the Generated Reports column.

C.

The report is generating.

D.

The report is queued for generation and the message indicates the position of the report in the queue.

Buy Now
Questions 33

Which parameter should be used if a security analyst needs to filter events based on the time when they occurred on the endpoints?

Options:

A.

Inspect "Log Time interval"

B.

Evaluate "Storage Time"

C.

Examine "Log Source Time"

D.

Review "Time Period"

Buy Now
Questions 34

What types of data does a Quick filter search operate on?

Options:

A.

Raw event or flow data

B.

Flow or parsing data

C.

Raw event or processed data

D.

Flow or processed data

Buy Now
Questions 35

Many offenses are generated and an analyst confirms that they match some kind of vulnerability scanning.

Which building block group needs to be updated to include the source IP of the vulnerability assessment (VA) scanner to reduce the number of offenses that are being generated?

Options:

A.

Host reference

B.

Host definitions

C.

Behavior definition

D.

Device definition

Buy Now
Questions 36

Which type of rule requires a saved search that must be grouped around a common parameter

Options:

A.

Flow Rule

B.

Event Rule

C.

Common Rule

D.

Anomaly Rule

Buy Now
Questions 37

Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?

Options:

A.

Information

B.

DNS Lookup

C.

Navigate

D.

WHOIS Lookup

E.

Asset Summary page

Buy Now
Questions 38

A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.

What parameter and value should the analyst add as filter in the event search?

Options:

A.

Associated with Offense is True

B.

Associated with Rule is True

C.

Associated with Rule is False

D.

Associated with Offense is False

Buy Now
Exam Code: C1000-162
Exam Name: IBM Security QRadar SIEM V7.5 Analysis
Last Update: May 21, 2024
Questions: 127
$64  $159.99
$48  $119.99
$40  $99.99
buy now C1000-162