IBM C1000-018 Exam Questions Instant Access

Question 1

An analyst has manually created a new log source in QRadar.

What is the Low Level Category that will be applied to all events sent from this log log source type is applied?

AUnavailable

BNot Found

CUnknown

DStored

Answer : B

Question 2

Why would an analyst update host definition building blocks in QRadar?

ATo reduce false positives.

BTo narrow a search.

CTo stop receiving events from the host.

DTo close an Offense

Answer : D

Building blocks to reduce the number of offenses that are generated by high volume traffic servers.

Question 3

What are the different flow types in QRadar?

AL2L, L2R, R2R, R2L

BStandard, Type A, Type B, Type C

CStandard, Type 1, Type2, Type 3

DType 1, Type 2, Type 3, Type 4

Answer : B

Question 4

An analyst for a particular offense needs to investigate to understand the breakdown of the offense details.

How can the analyst do this?

ALook at the magnitude information and its breakdown.

BView the attack path of the offense.

CLook at all the event QIDs attached to the offense.

DLook at the list of categories, event low level categories and the events attached.

Answer : A

Question 5

An analyst notices that there are a number of invalid Offenses being created from a network node. This node has been determined to be in Domain 2 and has the following log sources sending it events: (3Com 8800 Series Switch from 172.18.1.1, Cisco ACE Firewall from 172.18.1.2, FireEye from 172.18.1.3, and Palo Alto PA Series from 172.18.1.8).

The analyst should create a False Positive Building Block that has a filter:

A'when the destination IP is in 172.18.0.0/16'

B'when the local network is Domain 2 and when the source IP is in 172.18.0.0/16'

C'when the remote IP is one of the following 172.18.1.1, 172.18.1.2. 1.3 172. 18.18.1.8

D'when the local network is Domain 2 and when the source IP is in 172.18.0.0/16'

Answer : D

Question 6

How would an analyst efficiently include all the Antivirus logs integrated with QRadar for the last 24 hours?

ALog Activity -> Use Log Source parameter with Equals Operator

BLog Activity -> Use Log Source Type parameter with Member of Operator

CLog Activity -> Use Log Source parameter with Equals any of Operator

DLog Activity -> Use Log Source Type parameter with Equals any of Operator

Answer : C

Question 7

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

A(Process name) AND /.*exe/

B/Process name/AND (/exe) )

C/Process name/ AND /.*exe/

D'Process name' AND '*exe'

Answer : B

IBM QRadar SIEM V7.3.2 Fundamental Analysis C1000-018 Exam Questions