Which three log sources are supported by QRadar? (Choose three.)

A. Log files via SFTP
B. Barracuda Web Filter
C. TLS multiline Syslog
D. Oracle Database Listener
E. Sourcefire Defense Center
F. Java Database Connectivity (JDBC)

Answer: D, E, F

June 8, 2019

How is an event magnitude calculated?

A. As the sum of the three properties Severity, Credibility and Relevance of the Event
B. As the sum of the three properties Severity, Credibility and Importance of the Event
C. As a weighted mean of the three properties Severity, Credibility and Relevance of...

June 6, 2019

Which information can be found under the Network Activity tab?

A. Flows
B. Events
C. Reports
D. Offenses

Answer: A

June 4, 2019

Which saved searches can be included on the Dashboard?

A. Event and Flow saved searches
B. Asset and Network saved searches
C. User and Vulnerability saved searches
D. Network Activity and Risk saved searches

Answer: A

June 4, 2019

Which type of tests are recommended to be placed first in a rule to increase efficiency?

A. Custom property tests
B. Normalized property tests
C. Reference set lookup tests
D. Payload contains regex tests

Answer: B

June 3, 2019

How can the Security Analyst ensure results of the penetration test are retained?

A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events, no successful exploits were detected. Upon checking international documentation, this activity was part of an expected penetration test which requires no immediate investigation. How...

May 30, 2019

Which QRadar add-on component can generate a list of the unencrypted protocols that can communicate from a DMZ to an internal network?

A. QRadar Risk Manager
B. QRadar Flow Collector
C. QRadar Incident Forensics
D. QRadar Vulnerability Manager

Answer: A

May 30, 2019

Which list is only Rule Actions?

A. Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.
B. Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.
C. Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.
D. ...

May 30, 2019

What is an example of a use of flow data that provides more information than event data?

A. Represents a single event on the network
B. Automatically identifies and better classifies new assets found on a network
C. Performs near real-time comparisons of application data with logs sent...

May 21, 2019

What is the default reason for closing an Offense within QRadar?

A. Actioned
B. Non-Issue
C. Blocked Traffic
D. Acceptable Traffic

Answer: B

Explanation: Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/t_qradar_closing_offenses.html?pos=2

May 15, 2019