IBM C1000-018 Exam Practice Test Instant Access

Question 1

An analyst needs to review additional information about the Offense top contributors, including notes and annotations that are collected about the Offense.

Where can the analyst review this information?

AIn the top portion of the Offense main view

BIn the bottom portion of the Offense main view

CIn the top portion of the Offense Summary window

DIn the bottom portion of the Offense Summary window
In the bottom portion of the Offense Summary window, review additional information about the offense top contributors, including notes and annotations that are collected about the offense.
https://www.ibm.com/docs/en/SS42VS_7.3.3/com.ibm.qradar.doc/b_qradar_users_guide.pdf

Answer : D

Question 2

What information is included in flow details but is not in event details?

ANetwork summary information

BMagnitude information

CNumber of bytes and packets transferred

DLog source information

Answer : A

Question 3

How can an analyst search for all events that include the keyword 'vims'?

ABy going to the Network Activity tab and run a quick search with the 'virus' keyword.

BBy going to the Log Activity tab and run a quick search with the 'virus' keyword.

CBy going to the Offenses tab and run a quick search with the 'virus' keyword.

DBy going to the Log Activity tab and run this AQL: select * from events where eventname like 'virus'

Answer : D

Question 4

What steps are needed to add an Annotation to an event or flow that triggered a Rule?

AWhen creating a Rule, a custom Annotation can be automatically applied to events and flows that originate from specified Sources.

BEvents and Flows cannot be Annotated, the only information allowed in an event or flow is data that was included in the original payload.

CWhen creating a Rule, a custom Annotation can be specified to automatically be applied to the event or flow that triggered the Rule.

DAnnotations can be manually added to an Offense. These Annotations are then automatically applied to all events or flows which triggered the rule creating that Offense.

Answer : C

Question 5

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

A(Process name) AND /.*exe/

B/Process name/AND (/exe) )

C/Process name/ AND /.*exe/

D'Process name' AND '*exe'

Answer : B

IBM C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Exam Practice Test

Question 1

Question 2

Question 3

Question 4

Question 5