
Note! C1000-018 has been withdrawn.

C1000-018 Practice Exam Questions with Answers IBM QRadar SIEM V7.3.2 Fundamental Analysis Certification

Question # 6

An analyst needs to investigate a particular offense to understand the breakdown of the offense details.

How can the analyst do this?

A. Look at the magnitude information and its breakdown.
B. View the attack path of the offense.
C. Look at all the event QIDs attached to the offense.
D. Look at the list of categories, event low level categories and the events attached.
Question # 7

An analyst has been assigned a task to modify a rule so that the Source IP of the offense triggered by this rule is stored in a reference set.

Under which section of the rule wizard can the analyst achieve this?

A. Rule Response
B. Rule Action
C. Rule Test Stack Editor
D. Rule Response Limiter
Question # 8

What information is displayed in the default "Log Activity" page? (Choose two.)

A. QID
B. Protocol
C. Qmap
D. Log Source
E. Event Name
Question # 9

What is the procedure to re-open a closed Offense?

A. A closed Offense cannot be re-opened.
B. Wait for new events/flows that will re-open the closed Offense.
C. Activate the Offense in the action/re-open drop down menu of the Offense tab.
D. Activate the Offense in the action/re-open drop down menu in the Admin tab.
Question # 10

An analyst is noticing false positives from a single IP on a specific offense. How can the analyst tune the event rule to eliminate these false positives?

A. Add the rule test "AND when IP address equals" to the bottom of the test list of the rule.
B. Add the rule test "AND NOT when the offense is indexed by one of the following IP addresses".
C. Add the rule test "AND NOT when IP address equals" to the bottom of the test list of the rule.
D. Add the rule test "AND when IP address equals" to the top of the test list of the rule.
Question # 11

An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and data volume that is searched when looking for the critical information to maintain the efficiency and performance of QRadar.

Which feature should the analyst use?

A. Index Management
B. Log Management
C. Database Management
D. Event Management
Question # 12

An analyst needs to use a new custom property in a rule.

What must be the mandatory characteristic of the custom property?

A. It must be shared.
B. It must be boolean.
C. It must be stored.
D. It must be extracted.
Question # 13

An analyst has manually created a new log source in QRadar.

What is the Low Level Category that will be applied to all events sent from this log source until a log source type is applied?

A. Unavailable
B. Not Found
C. Unknown
D. Stored
Question # 14

How can an analyst verify if any host in the deployment is vulnerable to the CVE ID CVE-2010-000?

A. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $CVE-2010000
B. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: 2010-000
C. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: CVE-2010000
D. Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $2010-000
Question # 15

How can a log source be defined?

A. Data source such as a firewall or intrusion protection system (IPS) that creates an event log.
B. Data source such as a user interacting with a QRadar Console to do daily work.
C. Data source that can be found on the Network Activity tab.
D. Data source such as NetFlow, J-Flow or sFlow data.