IBM C1000-018 Exam Practice Test Instant Access

Question 1

An analyst needs to create a rule that includes a building block definition that identifies a communication to a local SMTP server that then connects to an unapproved remote peer.

In which group will the analyst find this specified building block?

ACategory Definitions

BHost Definitions

CNetwork Definitions

DPolicy

Answer : A

Question 2

Which QRadar timestamp specifies when the event was received from the log source?

ACollect time

BStart time

CStorage time

DLog Source time

Answer : B

Question 3

An analyst has manually created a new log source in QRadar.

What is the Low Level Category that will be applied to all events sent from this log log source type is applied?

AUnavailable

BNot Found

CUnknown

DStored

Answer : B

Question 4

An analyst has been assigned a number of Offenses to review and a new event occurs, review and manage. While reviewing an inactive offense, a new event occurs.

Which statement applies to the Offense?

AThe event is added in a new Offense that is created.

BThe event is added to the Offense and the status is changed to Dormant.

CThe rule that created the Offense is temporarily halted.

DThe event is added to the Offense and the status is changed to Active.

Answer : B

Question 5

An analyst needs to review additional information about the Offense top contributors, including notes and annotations that are collected about the Offense.

Where can the analyst review this information?

AIn the top portion of the Offense main view

BIn the bottom portion of the Offense main view

CIn the top portion of the Offense Summary window

DIn the bottom portion of the Offense Summary window

Answer : D

In the bottom portion of the Offense Summary window, review additional information about the offense top contributors, including notes and annotations that are collected about the offense.

https://www.ibm.com/docs/en/SS42VS_7.3.3/com.ibm.qradar.doc/b_qradar_users_guide.pdf

Question 6

An analyst needs to investigate why an Offense was created.

How can the analyst investigate?

AReview the Offense summary to investigate the flow and event details.

BReview the X-Force rules to investigate the Offense flow and event details.

CReview pages of the Asset tab to investigate Offense details.

DReview the Vulnerability Assessment tab to investigate Offense details.

Answer : A

Question 7

A new analyst is tasked to identify potential false positive Offenses, then send details of those Offenses to the Security Operations Center (SOC) manager for review by using the send email notification feature.

ATotal number of sources, top five categories, total number of destinations. Contributing CRE rules total number of packets.

BTotal number of sources, top five sources by magnitude, total number of destinations, destination networks, total number of packets.

CTotal number of sources, top five sources by magnitude, total number of destinations, destination networks, total number of events.

DTotal number of sources, top five number of categories, total number of destinations, destination networks, total number of packets.

Answer : D

IBM QRadar SIEM V7.3.2 Fundamental Analysis C1000-018 Exam Practice Test