
IBM Certified Associate Analyst - IBM QRadar SIEM V7.3.2 Changed C1000-018 Questions

Page: 3 / 4
Total 103 questions

IBM QRadar SIEM V7.3.2 Fundamental Analysis Questions and Answers

Question 9

When is the rating of an Offense magnitude re-evaluated?

Options:

A. when a port is opened

B. when the threat assessment changes

C. when new events are added to the Offense

D. when the number of vulnerabilities increases

Question 10

After working with an Offense, an analyst set the Offense as hidden. What does the analyst need to do to view the Offense at a later time?

Options:

A. Click Clear Filter next to the "Exclude Hidden Offenses".

B. In the all Offenses view, at the top of the view, select "Show hidden" from the "Select an option" drop-down.

C. In the all Offenses view, select Actions, then select show hidden Offenses.

D. Search for all Offenses owned by the analyst

Question 11

What is the maximum time period for 3 subsequent events to be coalesced?

Options:

A. 10 minutes

B. 10 seconds

C. 5 minutes

D. 60 seconds

Question 12

The SOC team complained that they have can only see one Offense in the Offenses tab.

space of 10 minutes, but the analyst How can the analyst ensure only one email is sent in this circumstance?

Options:

A. Configure the postfix mail server on the Console to suppress duplicate items

B. Ensure that the Rule Action Limiter is configured the same way as the Rule Response Limiter.

C. Add a Response Limiter to the Rule, configured to execute only once every 30 minutes.

D. Disable Automated Offense Notification - by email, in Advanced System Settings.
