C1000-018試験無料問題集（105題）「IBM QRadar SIEM V7.3.2 Fundamental Analysis 認定」

出題：1

An analyst is performing an investigation regarding an Offense. The analyst is uncertain to whom some of the external destination IP addresses in List of Events are registered.
How can the analyst verify to whom the IP addresses are registered?

A. Right-click on the destination address, More Options, then Information, and then WHOIS Lookup

B. Right-click on the destination address, More Options, then IP Owner

C. Right-click on the destination address, More Options, then Information, and then DNS Lookup

D. Right-click on the destination address, More Options, then Navigate, and then Destination Summary

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An analyst needs to create a rule that includes a building block definition that identifies a communication to a local SMTP server that then connects to an unapproved remote peer.
In which group will the analyst find this specified building block?

A. Network Definitions

B. Category Definitions

C. Host Definitions

D. Policy

正解：B 解答を投票する

出題：3

What event information within an offense would provide the analyst with a deep insight as to how it was created?

A. Event QID

B. Event Magnitude

C. Event Category

D. Event Payload

正解：B 解答を投票する

出題：4

An auditor has requested a report for all Offenses that have happened in the past month. This report generates at the end of every month but the auditor needs to have it for a meeting that is in the middle of the month.
What will happen to the scheduled report if the analyst manually generates this report?

A. The report still generates on the schedule initially configured.

B. The scheduled report needs to be reconfigured.

C. The analyst needs to delete the scheduled report and create a new one.

D. The report will get duplicated so the analyst can then run one manually.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What is the maximum time period for 3 subsequent events to be coalesced?

A. 60 seconds

B. 10 seconds

C. 10 minutes

D. 5 minutes

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and data volume that is searched when looking for the critical information to maintain the efficiency and performance of QRadar.
Which feature should the analyst use?

A. Log Management

B. Database Management

C. Event Management

D. Index Management

正解：C 解答を投票する

出題：7

What steps are needed to add an Annotation to an event or flow that triggered a Rule?

A. When creating a Rule, a custom Annotation can be automatically applied to events and flows that originate from specified Sources.

B. Annotations can be manually added to an Offense. These Annotations are then automatically applied to all events or flows which triggered the rule creating that Offense.

C. When creating a Rule, a custom Annotation can be specified to automatically be applied to the event or flow that triggered the Rule.

D. Events and Flows cannot be Annotated, the only information allowed in an event or flow is data that was included in the original payload.

正解：C 解答を投票する

出題：8

An analyst needs to create a new custom dashboard to view dashboard items that meet a particular requirement.
What are the main steps in the process?

A. Request the administrator to create the custom dashboard with required items.

B. Select New Dashboard and copy name, add description, items and save.

C. Select New Dashboard and enter unique name, description, add items and save.

D. Locate existing dashboard and modify to include indexed items required and save.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

An analyst is encountering a large number of false positive results. Legitimate internal network traffic contains valid flows and events which are making it difficult to identify true security incidents.
What can the analyst do to reduce these false positive indicators?

A. Modify rules and/or Building Block to suppress false positive activity.

B. Filter the network traffic to receive only security related events.

C. Create an anomaly rule to detect false positives and suppress the event.

D. Create X-Force rules to detect false positive events.

正解：B 解答を投票する

出題：10

The graph below shows a time series of a value. A rule has been created which will trigger at the indicated point.

Which type of QRadar rule has been used?

A. Threshold Rule

B. Anomaly Rule

C. Behavioral Rule

D. Common Rule

正解：A 解答を投票する

C1000-018試験無料問題集「IBM QRadar SIEM V7.3.2 Fundamental Analysis 認定」