IBM C1000-162 Exam Practice Test Instant Access

Question 1

What is the effect of toggling the Global/Local option to Global in a Custom Rule?

AIt allows a rule to compare events & flows in real time.

BIt allows a rule to analyze the geographic location of the event source.

CIt allows rules to be tracked by the central processor for detection by any Event Processor.

DIt allows a rule to inject new events back into the pipeline to affect and update other incoming events.

Answer : D

Question 2

The magnitude rating of an offense in QRadar is calculated based on which values?

ARelevance, severity, importance

BRelevance, credibility, severity

CCriticality, severity, importance

DCriticality, severity, credibility

Answer : B

The magnitude rating of an offense in QRadar is calculated based on relevance, severity, and credibility. Relevance determines the impact on the network, credibility indicates the integrity of the offense, and severity represents the level of threat. QRadar uses complex algorithms to calculate and periodically re-evaluate the offense magnitude rating.

Question 3

What process is used to perform an IP address X-Force Exchange Lookup in QRadar?

AOffense summary tab > right-click IP address > Plugin Option > X-Force Exchange Lookup

BCopy the IP address and go to X-Force Exchange to perform the lookup

CRun Autoupdate

DRun a query on maxmind db

Answer : A

To perform an IP address X-Force Exchange Lookup in QRadar, you can follow these steps2:

Select the Log Activity or the Network Activity tab.

Right-click the IP address that you want to view in X-Force Exchange.

Select More Options > Plugin Options > X-Force Exchange Lookup to open the X-Force Exchange interface2.

The procedure to perform an IP address X-Force Exchange Lookup in QRadar involves selecting either the Log Activity or the Network Activity tab, right-clicking the IP address of interest, and then navigating through More Options > Plugin Options > X-Force Exchange Lookup to access the X-Force Exchange interface.

Question 4

Which two (2) types of data can be displayed by default in the Application Overview dashboard?

ALogin Failures by User {real-time)

BFlow Rate (Flows per Second - Peak 1 Min)

CTop Applications (Total Bytes)

DOutbound Traffic by Country (Total Bytes)

EICMP Type/Code (Total Packets)

Answer : C, D

The Application Overview dashboard in QRadar includes various default items1.Two of these items areTop Applications (Total Bytes)andOutbound Traffic by Country (Total Bytes)1.

Default dashboards - IBM Documentation

According to the IBM Security QRadar SIEM V7.5 documentation, the Application Overview dashboard by default includes items such as 'Inbound Traffic by Country (Total Bytes),' 'Outbound Traffic by Country (Total Bytes),' and 'Top Applications (Total Bytes)' among others. This confirms that options C and D are displayed by default on the Application Overview dashboard.

Question 5

What Is the result of the following AQL statement?

AReturns all fields where the username contains the ERS string and is case-sensitive

BReturns all fields where the username contains the ERS string and is case-insensitive

CReturns all fields where the username is different from the ERS string and is case-insensitive

DReturns all fields where the username is different from the ERS string and is case-sensitive

Answer : B

The AQL (Ariel Query Language) statement provided would return all fields from the 'events' table where the 'username' column contains the string 'ERS', regardless of case. The 'ILIKE' operator in AQL is used for case-insensitive pattern matching, which means that it will match 'ers', 'Ers', 'ErS', etc.

Question 6

Which two (2) values are valid for the Offense Type field when a search is performed in the My Offenses or All Offenses tabs?

AQID

BAny

CRisk Score

DDDoS

ESource IP

Answer : B, E

In QRadar, when performing a search in the My Offenses or All Offenses tabs, valid values for the Offense Type field include 'Any' and 'Source IP'. 'Any' searches all offense sources, while 'Source IP' allows for searching offenses with a specific source IP address.

Question 7

The Pulse app contains which two (2) widget chart types?

ASmall number chart

BHexadecimal chart

CBinary chart

DScatter chart

EBig number chart

Answer : D, E

Widget chart types - IBM Documentation

IBM C1000-162 IBM Certified Analyst - Security QRadar SIEM V7.5 Exam Practice Test