What are two (2) Y-axis types that are available in the scatter chart type in the Pulse app?
How can an analyst search for all events that include the keyword "access"?
What two (2) guidelines should you follow when you define your network hierarchy?
Events can be exported from the QRadar Log Activity tab in which file formats?
To test for authorized access to a patent, create a list that uses a custom event property for Patent id as the key, and the username parameter as the value. Data is stored in records that map a key to multiple values and every key is unique. Use this list to populate a list of authorized users.
The example above refers to what kind of reference data collections?
A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?
Which type of rule should you use to test events or flows for activities that are greater than or less than a specified range?
How can adding indexed properties to QRadar improve the efficiency of searches?
When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?
Which flow fields should be used to determine how long a session has been active on a network?
An analyst runs a search with correct AQL, but no errors or results are shown.
What is one reason this could occur?
The Use Case Manager app has an option to see the MITRE heat map.
Which two (2) factors are responsible for the different colors in the MITRE heat map?
What does an analyst need to do before configuring the QRadar Use Case Manager app?
An analyst wants to share a dashboard in the Pulse app with colleagues.
The analyst exports the dashboard by using which format?
A QRadar analyst can check the rule coverage of MITRE ATT&CK tactics and techniques by using Use Case Manager.
In the Use Case Manager app, how can a QRadar analyst check the offenses triggered and mapped to MITRE ATT&CK framework?
QRadar analysts can download different types of content extensions from the IBM X-Force Exchange portal. Which two (2) types of content extensions are supported by QRadar?
Which two (2) values are valid for the Offense Type field when a search is performed in the My Offenses or All Offenses tabs?
Which parameters are used to calculate the magnitude rating of an offense?
Select all that apply
What is the sequence to create and save a new search called "Offense Data" that shows all the CRE events that are associated with offenses?
For a rule containing the test "and when the source is located in this geographic location" to work properly, what must a QRadar analyst configure?
Which are two (2) types of charts that can be configured in QRadar to display data on the dashboard?
A new log source was configured to send events to QRadar to help detect a malware outbreak. A security analyst has to create an offense based on properties from this payload but not all the information is parsed correctly.
What is the sequence of steps to ensure that the correct information is pulled from the payload to use in a rule?
Which two (2) types of data can be displayed by default in the Application Overview dashboard?
What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?
How can an analyst identify the top rules that generated offenses in the previous week and were closed as false positives or tuned?
A QRadar analyst is investigating the events of an offense. For a particular event on the list, the analyst wants to know which rules were fully matched for the event.
Where can the analyst check to see if the event has any fully matched rules?