IBM C1000-018 Exam Practice Test Instant Access

Question 1

How would an analyst Interpret this QRadar notification: "SAR Sentinel: threshold crossed?"

AThe system disk usage is above the threshold and must be reduced to avoid potential data loss.

BThe system load is above the threshold and can experience reduced performance.

CThe anomaly detection engine has detected volume of failed logins above the threshold.

DThe Custom Rule Engine is currently detecting a distributed denial of service attack.

Answer : A

Question 2

An analyst has been asked to present a report of all the incidents that have been detected by QRadar in the last 24 hours.

How can the analyst achieve this?

ACreate an Event saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

BCreate a Common saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

CCreate an Event saved search from the last 24 hours and then using the Log Activity tab, create a report to make use of the existing saved search.

DCreate an Offense saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

Answer : A

Question 3

How does the Custom Rule Engine (CRE) evaluates rules?

AIt runs stateless tests first, then runs stateful tests and evaluates the result.

BIt runs tests based on the criticality of the test, running the critical ones first.

CIt runs rule tests line-by-line in order, and continues while tests are true.

DIt runs all rule tests at the same time, and evaluates the result after all tests are complete

Answer : A

Question 4

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

A(Process name) AND /.*exe/

B/Process name/AND (/exe) )

C/Process name/ AND /.*exe/

D'Process name' AND '*exe'

Answer : B

Question 5

What is the reason for this system notification?

"Time synchronization to primary or Console has failed"

ADeny ntpdate communication on port 423.

BDeny ntpdate communication on port 223.

CDeny ntpdate communication on port 323.

DDeny ntpdate communication on port 123

Answer : D

38750129 - Time synchronization to primary or Console has failed.

The managed host cannot synchronize with the console or the secondary HA appliance cannotsynchronize with the primary appliance.

Administrators must allow ntpdatecommunication on port 123.

Question 6

An analyst needs to perform a Quick search to find events under the Log Activity tab that contains an 'exe' file during a certain time period.

How can the analyst do this?

AOn the Search bar select Quick Filter, then insert filter criteria for '/*.exe/' and then select a time interval from the view option's drop down.

BSelect Search -- New Search from the menu bar, then select all the search criteria required from the UI options provided.

CSelect Quick Searches on the menu bar, then go through the list of saved searches available to see if one already exists, that can be altered.

DOn the Search bar select Quick Filter, insert: 'exe, last 1 hour' into the filter criteria, then click Search.

Answer : A

Question 7

Where can an analyst investigate a security incident to determine the root cause of an issue, and then work to resolve it?

ARisk tab

BNetwork Activity tab

COffense tab

DVulnerabilities tab

Answer : D

IBM QRadar SIEM V7.3.2 Fundamental Analysis C1000-018 Exam Practice Test