
Note! The C1000-018 Exam is no longer available.

C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Questions and Answers

Question 4

What are anomaly detection rules used for?

Options:

A. Detecting volume changes that occur in regular patterns.

B. Detecting event traffic.

C. Detecting an activity that is greater or less than a specified range.

D. Detecting when unusual traffic patterns occur in the network.

Question 5

An analyst has been assigned the task of modifying a rule so that the Source IP of the Offense triggered by this rule is stored in a Reference Set.

Under which section of the rule wizard can the analyst achieve this?

Options:

A. Rule Response

B. Rule Action

C. Rule Test Stack Editor

D. Rule Response Limiter

Question 6

While creating a new custom property, which is a valid property type selection?

Options:

A. AQL Based

B. Regular Expressions Based

C. Flow Based

D. Event Based

Question 7

An analyst is searching for a list of events that meet specific search criteria and wants to display only the source IP and destination IP information for the events.

To get the required information, the analyst can open the Log Activity tab and then:

Options:

A. select the field names, select the start and end time from the drop-down fields in the filters section, then click search.

B. click add filter, select the desired parameters, operators, values and field names, then click search.

C. select advanced search, type the corresponding AQL query, then click search.

D. select search, then new search, scroll down and select the time range, column definitions and search parameters, then click search.

Question 8

An analyst has created a custom property from events in order to search for critical information. The analyst also needs to reduce the number of event logs and the data volume that is searched when looking for this critical information, to maintain the efficiency and performance of QRadar.

Which feature should the analyst use?

Options:

A. Index Management

B. Log Management

C. Database Management

D. Event Management

Question 9

How can an analyst search for all events that include the keyword 'virus'?

Options:

A. By going to the Network Activity tab and running a quick search with the 'virus' keyword.

B. By going to the Log Activity tab and running a quick search with the 'virus' keyword.

C. By going to the Offenses tab and running a quick search with the 'virus' keyword.

D. By going to the Log Activity tab and running this AQL: select * from events where eventname like 'virus'

Question 10

How does an analyst view the base64 encoded string of an event’s raw payload that contains unprintable characters?

Options:

A. Log Activity -> Under Payload Information, click base64 tab

B. Copy the raw payload and use an external tool to view base64 data

C. Admin -> Under Payload Information, click base64 tab

D. Right click on the event -> view base64 data

Question 11

How does an analyst view which rule triggered an Offense in the Offense summary page?

Options:

A. Display -> Rules

B. Actions -> View Rules

C. Actions -> Display Rules

D. Display -> Triggered Rules

Question 12

An auditor has requested a report of all Offenses that occurred in the past month. This report is generated at the end of every month, but the auditor needs it for a meeting in the middle of the month.

What will happen to the scheduled report if the analyst manually generates this report?

Options:

A. The scheduled report needs to be reconfigured.

B. The analyst needs to delete the scheduled report and create a new one.

C. The report will get duplicated so the analyst can then run one manually.

D. The report still generates on the schedule initially configured.

Question 13

How can an analyst verify whether any host in the deployment is vulnerable to the CVE ID CVE-2010-000?

Options:

A. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $CVE-2010000

B. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: 2010-000

C. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: CVE-2010000

D. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $2010-000

Question 14

An analyst working with QRadar SIEM has been assigned a new Offense and is preparing a custom report on the Offense summary page. From this page, the analyst wants to navigate to the Log Activity or Network Activity page to export the Event/Flow data (Action -> export to CSV).

How can the analyst do this? (Choose two)

Options:

A. Click the Events / Flows icon.

B. In the Event/Flow count section, click the link to open the page.

C. In the Source IP(s) section, click the link to open the page.

D. Click the Summary icon.

E. Click the View Attack Path icon.

Question 15

The SOC team complained that they can only see one Offense in the Offenses tab.

space of 10 minutes, but the analyst

How can the analyst ensure only one email is sent in this circumstance?

Options:

A. Configure the postfix mail server on the Console to suppress duplicate items

B. Ensure that the Rule Action Limiter is configured the same way as the Rule Response Limiter.

C. Add a Response Limiter to the Rule, configured to execute only once every 30 minutes.

D. Disable Automated Offense Notification - by email, in Advanced System Settings.

Exam Code: C1000-018
Exam Name: IBM QRadar SIEM V7.3.2 Fundamental Analysis
Last Update: Apr 14, 2023
Questions: 103