156-730 IBM Certified Associate Administrator - Security QRadar SIEM V7.2.8

Question 4

How does Threat Extraction work?

  • Scan and extract files for Command and Control activity.

  • It emulates a document and, if malicious, converts it into a PDF.

  • It extracts active content from a document.

  • It scans the document for malicious code and removes it.

Question 5

How can CPU Level Emulation detect ROP?

  • Locate a CPU flow buffer with mismatch between called and returned addresses.

  • Increased CPU temperature.

  • Wrong order in the ROP Gadgets Dictionary.

  • It is detected as soon as the evasion code runs and injects the malicious code into a legitimate process.