IBM Security Systems C1000-162 Book

IBM Security QRadar SIEM V7.5 Analysis Questions and Answers

Question 25

A Security Analyst has noticed that an offense has been marked inactive.

How long had the offense been open since it had last been updated with new events or flows?

Options:

1 day + 30 minutes

5 days + 30 minutes

10 days + 30 minutes

30 days + 30 minutes

Question 26

Which two (2) of these custom property expression types are supported in QRadar?

Options:

XLS

YAML

JSON

Regex

HTML

Question 27

Which two (2) types of data can be displayed by default in the Application Overview dashboard?

Options:

Flow Rate (Flows per Second - Peak 1 Min)

Top Applications (Total Bytes)

Outbound Traffic by Country (Total Bytes)

ICMP Type/Code (Total Packets)

Question 28

a selection of events for further investigation to somebody who does not have access to the QRadar system.

Which of these approaches provides an accurate copy of the required data in a readable format?

Options:

Log in to the Command Line Interface and use the ACP tool (/opt/qradar/bin/runjava.sh com.qllabs .ariel. Io.acp) with the necessary AQLfilters and destination directory.

Use the Advanced Search option in the Log Activity tab, run an AQL command: copy (select * from events last 2 hours) to ’output_events.csv’ WITH CSV.

Use the "Event Export (with AQL)" option in the Log Activity tab, test your query with the Test button. Then, to run the export, click Export to CSV.

Use the Log Activity tab, filter the events until only those that you require are shown. Then, from the Actions list, select Export to CSV > Full Export (All Columns).

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

IBM Security QRadar SIEM V7.5 Analysis Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce