IBM QRadar SIEM V7.3.2 Fundamental Analysis C1000-018 Exam Questions

Page: 1 / 14
Total 103 questions
Question 1

Which use case type is appropriate for VPN log sources? (Choose two.)



Answer : A, B


Question 2

An analyst needs to find all events that are creating offenses that are triggered by rules that contain the word suspicious in the rule name.

Which query can the analyst use as a working sample?



Answer : A


Question 3

An analyst has been asked to present a report of all the incidents that have been detected by QRadar in the last 24 hours.

How can the analyst achieve this?



Answer : A


Question 4

An analyst has been assigned a number of Offenses to review and a new event occurs, review and manage. While reviewing an inactive offense, a new event occurs.

Which statement applies to the Offense?



Answer : B


Question 5

An analyst needs to review additional information about the Offense top contributors, including notes and annotations that are collected about the Offense.

Where can the analyst review this information?



Answer : D

In the bottom portion of the Offense Summary window, review additional information about the offense top contributors, including notes and annotations that are collected about the offense.

https://www.ibm.com/docs/en/SS42VS_7.3.3/com.ibm.qradar.doc/b_qradar_users_guide.pdf


Question 6

An analyst is investigating access to sensitive data on a Linux system. Data is accessible from

the /secret directory and can be viewed using the 'sudo oaf command. The specific file /secret/file_08-txt was known to be accessed in this way. After searching in the Log Activity Tab, the following results are shown.

When interpreting this, the analyst is having trouble locating events which show when the file was accessed. Why could this be?



Answer : C


Question 7

What steps are needed to add an Annotation to an event or flow that triggered a Rule?



Answer : C


Page:    1 / 14   
Total 103 questions