IBM C1000-018 Exam Practice Test Instant Access

Question 1

What is displayed in the status bar of the Log Activity tab when streaming events?

AAverage number of results that are received per second.

BAverage number of results that are received per minute.

CAccumulated number of results that are received per second.

DAccumulated number of results that are received per minute.

Answer : A

Status bar

When streaming events, the status bar displays the average number of results that are received per second.

Question 2

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

A(Process name) AND /.*exe/

B/Process name/AND (/exe) )

C/Process name/ AND /.*exe/

D'Process name' AND '*exe'

Answer : B

Question 3

While creating a new custom property, which is a valid property types selection?

AAQL Based

BRegular Expressions Based

CFlow Based

DEvent Based

Answer : B

https://www.ibm.com/docs/en/qsip/7.4?topic=qradar-custom-property-definitions-in-dsm-editor

Question 4

What happens to a Closed Offense after the offense retention period which defaults to 30 days7

AIt is automatically archived.

BIt is hidden from view.

CIt is deleted from the system.

DIt is manually deleted by the administrator

Answer : A

Question 5

An analyst has been asked to present a report of all the incidents that have been detected by QRadar in the last 24 hours.

How can the analyst achieve this?

ACreate an Event saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

BCreate a Common saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

CCreate an Event saved search from the last 24 hours and then using the Log Activity tab, create a report to make use of the existing saved search.

DCreate an Offense saved search from the last 24 hours and then using the Reports tab, create a report to make use of the existing saved search.

Answer : A

Question 6

What information is included in flow details but is not in event details?

ANetwork summary information

BMagnitude information

CNumber of bytes and packets transferred

DLog source information

Answer : A

Flows represent network activity by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records, which effectively are records of network sessions between two hosts.

Question 7

What is the reason for this system notification?

"Time synchronization to primary or Console has failed"

ADeny ntpdate communication on port 423.

BDeny ntpdate communication on port 223.

CDeny ntpdate communication on port 323.

DDeny ntpdate communication on port 123

Answer : D

38750129 - Time synchronization to primary or Console has failed.

The managed host cannot synchronize with the console or the secondary HA appliance cannotsynchronize with the primary appliance.

Administrators must allow ntpdatecommunication on port 123.

IBM C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Exam Practice Test