
Note! IBM has retired the C1000-018 exam.

C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis Questions and Answers

Questions 4

An analyst has created a custom event property to search for critical information. The analyst also needs to reduce the number of event logs and the data volume that is searched when looking for that information, so that QRadar remains efficient and performant.

Which feature should the analyst use?

Options:

A.

Index Management

B.

Log Management

C.

Database Management

D.

Event Management

Questions 5

An analyst is investigating an Offense and has found that a firewall appears to be misconfigured and has permitted traffic that should have been blocked.

As part of the firewall rule change process, the analyst needs to send the offense details to the firewall team to demonstrate that the firewall permitted traffic that should have been blocked.

How would the analyst send the Offense summary to an email mailbox?

Options:

A.

Find the CRE Event in the Log Activity tab, open the event detail and select ‘Email linked Offense details’ from the ‘Action’ menu.

B.

Search for the events linked to the Offense in the Log Activity tab; Select all events and copy them using CTRL-C then paste into an email client.

C.

Open the Offense in the Offenses tab, select ‘Email’ from the ‘Action’ menu item and, optionally, add some extra information.

D.

Identify the Offense in the Offense list, right click on the Offense and select ‘Custom Action Script’; ‘Offense Mailer’

Questions 6

An analyst working with QRadar SIEM has been assigned a new Offense and is preparing a custom report on the Offense summary page. From this page, the analyst wants to navigate to the Log Activity or Network Activity page to export the Event/Flow data (Action -> export to CSV).

How can the analyst do this? (Choose two)

Options:

A.

Click the Events / Flows icon.

B.

In the Event/Flow count section, click the link to open the page.

C.

In the Source IP(s) section, click the link to open the page.

D.

Click the Summary icon.

E.

Click the View Attack Path icon.

Questions 7

How can an analyst verify if any host in the deployment is vulnerable to CVE ID; CVE-2010-000?

Options:

A.

Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $CVE-2010000

B.

Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: 2010-000

C.

Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: CVE-2010000

D.

Use the asset search feature, select vulnerability external reference from the list of search parameters, select CVE and then type: $2010-000

Questions 8

An analyst is working on Offense management and finds that a few of the offenses are not being removed from the Offense tab even after the Offense retention period has elapsed.

What could be the reason that these offenses are not being removed?

Options:

A.

Offense has been annotated

B.

Offense is inactive

C.

Offense is released

D.

Offense is protected

Questions 9

An analyst is performing an investigation regarding an Offense. The analyst is uncertain to whom some of the external destination IP addresses in the List of Events are registered.

How can the analyst verify to whom the IP addresses are registered?

Options:

A.

Right-click on the destination address, More Options, then Information, and then DNS Lookup

B.

Right-click on the destination address, More Options, then IP Owner

C.

Right-click on the destination address, More Options, then Information, and then WHOIS Lookup

D.

Right-click on the destination address, More Options, then Navigate, and then Destination Summary

Questions 10

The SOC team complained that they can only see one Offense in the Offenses tab.

space of 10 minutes, but the analyst

How can the analyst ensure only one email is sent in this circumstance?

Options:

A.

Configure the postfix mail server on the Console to suppress duplicate items

B.

Ensure that the Rule Action Limiter is configured the same way as the Rule Response Limiter.

C.

Add a Response Limiter to the Rule, configured to execute only once every 30 minutes.

D.

Disable Automated Offense Notification - by email, in Advanced System Settings.

Questions 11

An analyst is searching for a list of events that meet specific search criteria and wants to display only the source IP and destination IP information for the events.

To get the required information, the analyst can open the Log Activity tab and then:

Options:

A.

select the field names,

select the start and end time from the drop down fields in the filters section,

then click search.

B.

click add filter,

select the desired parameters, operators, values and field names,

then click search.

C.

select advanced search.

type the corresponding AQL query,

then click search.

D.

select search,

then new search,

scroll down and select time range, column definitions, the search parameters

then click search.

Questions 12

There are 5 authentication servers that report to different Event Processors. There is a requirement to generate an Offense if there are 5 consecutive failed logins detected across any of the 5 Event Processors.

Which type of rule should the analyst create?

Options:

A.

Global Rule

B.

Persistent Rule

C.

Local Rule

D.

Offense Rule

Questions 13

What is the difference between a Quick Search and an Advanced Search?

Options:

A.

An Advanced Search uses a saved search, while a Quick Search uses a query language.

B.

A Quick Search displays results by column, while an Advanced Search displays results by Category.

C.

A Quick Search uses a saved search, while an Advanced Search requires a query language.

D.

An Advanced Search displays results by Category, while a Quick Search displays results by column.

Questions 14

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

Options:

A.

(Process name) AND /.*exe/

B.

/Process name/AND (/exe) )

C.

/Process name/ AND /.*exe/

D.

"Process name" AND "*exe"

Questions 15

What information is included in flow details but is not in event details?

Options:

A.

Network summary information

B.

Magnitude information

C.

Number of bytes and packets transferred

D.

Log source information

Buy Now
Exam Code: C1000-018
Exam Name: IBM QRadar SIEM V7.3.2 Fundamental Analysis
Last Update: Dec 27, 2024
Questions: 103