Create Next App

Exam contains 60 questions

Page 10 of 10

Question 55 🔥

What is the procedure to re-open a closed Offense?

Which database solution meets these requirements?

B. Wait for new events/flows that will re-open the closed Offense.

Highly voted

C. Activate the Offense in the action/re-open drop down menu of the Offense tab.

Highly voted

D. Activate the Offense in action/re-open drop down menu in the Admin tab.

Highly voted

A. A closed Offense cannot be re-opened.

Highly voted

Discussion of the question

Question 56 🔥

An analyst wants to view information about repeated offenders and IP addresses that generate many attacks or are subject to many attacks.What should the analyst choose from the navigation options in the Offense tab?

Which database solution meets these requirements?

A. By Event Category or By Event Source

Highly voted

B. By Source IP or By Destination IP

Highly voted

C. By Log Source IP or By Event Source

Highly voted

D. By Event or By Flows

Highly voted

Discussion of the question

Question 57 🔥

An analyst needs to perform a Quick search to find events under the Log Activity tab that contains an ‘exe’ file during a certain time period.How can the analyst do this?

Which database solution meets these requirements?

A. On the Search bar select Quick Filter, then insert filter criteria for ‘/*.exe/’ and then select a time interval from the view option’s drop down.

Highly voted

B. Select Search – New Search from the menu bar, then select all the search criteria required from the UI options provided.

Highly voted

C. Select Quick Searches on the menu bar, then go through the list of saved searches available to see if one already exists, that can be altered.

Highly voted

D. On the Search bar select Quick Filter, insert: ‘exe, last 1 hour’ into the filter criteria, then click Search.

Highly voted

Discussion of the question

Question 58 🔥

What is a valid offense naming mechanism?This information should:

Which database solution meets these requirements?

A. set the naming of the associated offense(s).

Highly voted

B. set or replace the naming of the associated offense(s).

Highly voted

C. replace the naming of the associated offense(s).

Highly voted

D. be included in the naming of the associated offense(s).

Highly voted

Discussion of the question

Question 59 🔥

What are the different flow types in QRadar?

Which database solution meets these requirements?

A. L2L, L2R, R2R, R2L

Highly voted

B. Standard, Type A, Type B, Type C

Highly voted

C. Standard, Type 1, Type2, Type 3

Highly voted

D. Type 1, Type 2, Type 3, Type 4

Highly voted

Discussion of the question

Question 60 🔥

An analyst needs to investigate why an Offense was created.How can the analyst investigate?

Which database solution meets these requirements?

A. Review the Offense summary to investigate the flow and event details.

Highly voted

B. Review the X-Force rules to investigate the Offense flow and event details.

Highly voted

C. Review pages of the Asset tab to investigate Offense details.

Highly voted

D. Review the Vulnerability Assessment tab to investigate Offense details.

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

ibm C1000_018

Exam contains 60 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us