IBM C1000-018 Exam Practice Test Instant Access

Question 1

An analyst needs to perform a Quick search to find events under the Log Activity tab that contains an 'exe' file during a certain time period.

How can the analyst do this?

AOn the Search bar select Quick Filter, then insert filter criteria for '/*.exe/' and then select a time interval from the view option's drop down.

BSelect Search -- New Search from the menu bar, then select all the search criteria required from the UI options provided.

CSelect Quick Searches on the menu bar, then go through the list of saved searches available to see if one already exists, that can be altered.

DOn the Search bar select Quick Filter, insert: 'exe, last 1 hour' into the filter criteria, then click Search.

Answer : A

Question 2

What is a valid offense naming mechanism?

This information should:

Aset the naming of the associated offense(s).

Bset or replace the naming of the associated offense(s).

Creplace the naming of the associated offense(s).

Dbe included in the naming of the associated offense(s).

Answer : A

Under 'Offense Naming', check 'This information should

contribute to the name of the associated offense(s)'.

Question 3

What are the different flow types in QRadar?

AL2L, L2R, R2R, R2L

BStandard, Type A, Type B, Type C

CStandard, Type 1, Type2, Type 3

DType 1, Type 2, Type 3, Type 4

Answer : B

Question 4

An analyst needs to investigate why an Offense was created.

How can the analyst investigate?

AReview the Offense summary to investigate the flow and event details.

BReview the X-Force rules to investigate the Offense flow and event details.

CReview pages of the Asset tab to investigate Offense details.

DReview the Vulnerability Assessment tab to investigate Offense details.

Answer : A

Question 5

Which consideration should be given to the position of rule tests that evaluate regular expressions (Regex tests)?

AThey can only be used in Building Blocks to ensure they are evaluated as infrequently as possible.

BThey are usually the most specific. As such, they should appear first in the order.

CThey are usually the most expensive. As such, they should appear last in the order.

DThey are stateful tests. As such QRadar automatically evaluates them last.

Answer : A

Question 6

An analyst needs to create a rule that includes a building block definition that identifies a communication to a local SMTP server that then connects to an unapproved remote peer.

In which group will the analyst find this specified building block?

ACategory Definitions

BHost Definitions

CNetwork Definitions

DPolicy

Answer : A

Question 7

How would an analyst efficiently include all the Antivirus logs integrated with QRadar for the last 24 hours?

ALog Activity -> Use Log Source parameter with Equals Operator

BLog Activity -> Use Log Source Type parameter with Member of Operator

CLog Activity -> Use Log Source parameter with Equals any of Operator

DLog Activity -> Use Log Source Type parameter with Equals any of Operator

Answer : C

IBM C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Exam Practice Test