
IBM C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Exam Practice Test

Page: 1 / 10
Total 103 questions

IBM QRadar SIEM V7.3.2 Fundamental Analysis Questions and Answers

Question 1

From which tab in QRadar SIEM can an analyst search vulnerability data and remediate vulnerabilities?

Options:

A. Log Activity
B. Admin
C. Dashboard
D. Assets

Question 2

An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and data volume that is searched when looking for the critical information to maintain the efficiency and performance of QRadar.

Which feature should the analyst use?

Options:

A. Index Management
B. Log Management
C. Database Management
D. Event Management

Question 3

What is the purpose of Anomaly detection rules?

Options:

A. They inspect other QRadar rules.
B. They detect if QRadar is operating at peak performance and error free.
C. They detect unusual traffic patterns in the network from the results of saved flow and events.
D. They run past events and flows through the Custom Rules Engine (CRE) to identify threats or security incidents that already occurred.

Question 4

An auditor has requested a report for all Offenses that have happened in the past month. This report generates at the end of every month, but the auditor needs to have it for a meeting that is in the middle of the month.

What will happen to the scheduled report if the analyst manually generates this report?

Options:

A. The scheduled report needs to be reconfigured.
B. The analyst needs to delete the scheduled report and create a new one.
C. The report will get duplicated so the analyst can then run one manually.
D. The report still generates on the schedule initially configured.

Question 5

How does the Custom Rule Engine (CRE) evaluate rules?

Options:

A. It runs stateless tests first, then runs stateful tests and evaluates the result.
B. It runs tests based on the criticality of the test, running the critical ones first.
C. It runs rule tests line-by-line in order, and continues while tests are true.
D. It runs all rule tests at the same time, and evaluates the result after all tests are complete.

Question 6

Where can an analyst investigate a security incident to determine the root cause of an issue, and then work to resolve it?

Options:

A. Risk tab
B. Network Activity tab
C. Offense tab
D. Vulnerabilities tab

Question 7

What does the Assets tab provide?

A unified view of the information that is known about:

Options:

A. events and flows.
B. triggered Offenses.
C. log sources.
D. network devices.

Question 8

An analyst wants to find all events where Process name includes a reference to exe files. Which quick search will return the expected result?

Options:

A. (Process name) AND /.*exe/
B. /Process name/AND (/exe) )
C. /Process name/ AND /.*exe/
D. "Process name" AND "*exe"

Question 9

An analyst is encountering a large number of false positive results. Legitimate internal network traffic contains valid flows and events which are making it difficult to identify true security incidents.

What can the analyst do to reduce these false positive indicators?

Options:

A. Create X-Force rules to detect false positive events.
B. Create an anomaly rule to detect false positives and suppress the event.
C. Filter the network traffic to receive only security related events.
D. Modify rules and/or Building Block to suppress false positive activity.

Question 10

After working with an Offense, an analyst set the Offense as hidden. What does the analyst need to do to view the Offense at a later time?

Options:

A. Click Clear Filter next to the "Exclude Hidden Offenses".
B. In the all Offenses view, at the top of the view, select "Show hidden" from the "Select an option" drop-down.
C. In the all Offenses view, select Actions, then select show hidden Offenses.
D. Search for all Offenses owned by the analyst.

Question 11

An analyst needs to create a dashboard item that can be shared with other users. What is the main step in this process?

Options:

A. Have users index the shared search criteria for reuse.
B. Ask the administrator to modify the shared search criteria and test the dashboard.
C. Enable a new custom dashboard and share it with users.
D. Create and share the search criteria that the dashboard item will use.

Question 12

When is the rating of an Offense magnitude re-evaluated?

Options:

A. when a port is opened
B. when the threat assessment changes
C. when new events are added to the Offense
D. when the number of vulnerabilities increases

Question 13

What is the difference between a Quick Search and an Advanced Search?

Options:

A. An Advanced Search uses a saved search, while a Quick Search uses a query language.
B. A Quick Search displays results by column, while an Advanced Search displays results by Category.
C. A Quick Search uses a saved search, while an Advanced Search requires a query language.
D. An Advanced Search displays results by Category, while a Quick Search displays results by column.

Question 14

When ordering these tests in an event rule, which of them is the best test to place at the top of the list for rule performance?

Options:

A. When the source is [local or remote]
B. When the destination is [local or remote]
C. When the event(s) were detected by one or more of [these log sources]
D. When an event matches all of the following [Rules or Building Blocks]

Question 15

An analyst needs to investigate why an Offense was created.

How can the analyst investigate?

Options:

A. Review the Offense summary to investigate the flow and event details.
B. Review the X-Force rules to investigate the Offense flow and event details.
C. Review pages of the Asset tab to investigate Offense details.
D. Review the Vulnerability Assessment tab to investigate Offense details.
