C1000-018 IBM QRadar SIEM V7.3.2 Fundamental Analysis

Question 7

An analyst needs to perform Offense management.

In QRadar SIEM, what is the significance of “Protecting” an offense?

  • Escalate the Offense to the QRadar administrator for investigation.

  • Hide the Offense in the Offense tab to prevent other analysts from seeing it.

  • Prevent the Offense from being automatically removed from QRadar.

  • Create an Action Incident response plan for a specific type of cyber attack.

Question 8

An auditor has requested a report for all Offenses that have happened in the past month. This report generates at the end of every month but the auditor needs to have it for a meeting that is in the middle of the month.

What will happen to the scheduled report if the analyst manually generates this report?

  • The scheduled report needs to be reconfigured.

  • The analyst needs to delete the scheduled report and create a new one.

  • The report will get duplicated so the analyst can then run one manually.

  • The report still generates on the schedule initially configured.

Question 9

What is the purpose of Anomaly detection rules?

  • They inspect other QRadar rules.

  • They detect if QRadar is operating at peak performance and error-free.

  • They detect unusual traffic patterns in the network from the results of saved flow and events.

  • They run past events and flows through the Custom Rules Engine (CRE) to identify threats or security incidents that already occurred.