C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis

Question 4

Which use case type is appropriate for VPN log sources? (Choose two.)

  • Advanced Persistent Threat (APT)

  • Insider Threat

  • Critical Data Protection

  • Securing the Cloud

Question 5

An analyst observed a port scan attack on an internal network asset from a remote network.

Which filter would be useful to determine the compromised host?

  • Any IP

  • Destination IP [Indexed]

  • Source or Destination IP

  • Source IP [Indexed]

Question 6

An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company’s publicly hosted FTP server. The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab.

Under which category should the analyst report this issue to the security administrator?

  • Syn Flood

  • Port Scan

  • Network Scan

  • DDoS