- All Exams Instant Download
What is indicated by an event on an existing log in QRadar that has a Low Level Category of “Unknown”?
What is indicated by an event on an existing log in QRadar that has a Low Level Category of “Unknown”?A . That event could not be parsedB . That event arrived out of order from the original deviceC . That event was from a device that is not supported by...
Which two are top level options when right clicking on an IP Address within the Offense Summary page? (Choose two.)
Which two are top level options when right clicking on an IP Address within the Offense Summary page? (Choose two.)A . WHOISB . NavigateC . DNS LookupD . InformationE . Asset Summary PageView AnswerAnswer: BD
What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?
An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username. What will QRadar do with the triggered rule assuming no offenses exist for...
How does flow data contribute to the Asset Database?
How does flow data contribute to the Asset Database?A . Correlated Flows are used to populate the Asset Database.B . It provides administrators visibility on how systems are communicating on the network.C . Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.D...
What is the flow bias of this session?
When reviewing Network Activity, a flow shows a communication between a local server on port 443, and a random, remote port. The bytes from the local destination host are 2 GB, and the bytes from the remote, source host address are 40KB. What is the flow bias of this session?A...
What are the two available formats for exporting event and flow data for external analysis? (Choose two.)
What are the two available formats for exporting event and flow data for external analysis? (Choose two.)A . XMLB . DOCC . PDFD . CSVE . HTMLView AnswerAnswer: AD
Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?
Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?A . Add FilterB . Asset SearchC . Quick SearchD . Advanced SearchView AnswerAnswer: D Explanation: Reference: http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_ug_search_bar.html
Which pair of options are available in the left column on the Reports Tab?
Which pair of options are available in the left column on the Reports Tab?A . Reports and OwnerB . Reports and BrandingC . Reports and Report GroupingD . Reports and Scheduled ReportsView AnswerAnswer: B
Which file type is available for a report format?
Which file type is available for a report format?A . TXTB . DOCC . PDFD . PowerPointView AnswerAnswer: C
What is a primary goal with the use of building blocks?
What is a primary goal with the use of building blocks?A . A method to create reusable rule responsesB . A reusable test stack that can be used in other rulesC . A method to generate reference set updates without using a ruleD . A method to create new events...
