C1000-162試験無料問題集（140題）「IBM Security QRadar SIEM V7.5 Analysis 認定」

出題：1

Which IBM X-Force Exchange feature could be used to query QRadar to see if any of the lOCs were detected for COVID-19 activities?

A. Threat Intelligence ATP

B. STIX Bundle

C. Ami Affected

D. TAXI I automatic updates

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?

A. The full list of AQL databases, functions and fields (properties) is displayed.

B. The full list of AOL functions, fields (properties), and keywords is displayed.

C. The full list of AQL tables and relationships from a database is displayed.

D. The full list of AQL functions, tables, and views from a database is displayed.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

What type of reference data collection would you use to correlate a unique key to a value?

A. Reference set

B. Reference table

C. Reference map

D. Reference list

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

During an active offense review, an analyst observed that a single source system generated a significant amount of high-rate traffic for transferring ^bound mail via port 25. The system responsible for this traffic was not authorized to function as a mail server.
lat is the correct action in this situation?

A. Continue to investigate the offense and follow the organization's response processes to stop the source system's traffic.

B. Use the False Positive Wizard to tune the specific event and event category.

C. Submit a request to the firewall team to allow this type of traffic from the source system to remote destinations.

D. Add the IP address of the source system to the Host Definition Mail Servers building block.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What Is the result of the following AQL statement?

A. Returns all fields where the username is different from the ERS string and is case-sensitive

B. Returns all fields where the username is different from the ERS string and is case-insensitive

C. Returns all fields where the username contains the ERS string and is case-insensitive

D. Returns all fields where the username contains the ERS string and is case-sensitive

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

QRadar analysts can download different types of content extensions from the IBM X-Force Exchange portal.
Which two (2) types of content extensions are supported by QRadar?

A. Offenses

B. Custom Functions

C. Events

D. Flows

E. FGroup

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the configured parameters is found in the Event Details page?

A. Log Source Time

B. Event Processor UUID

C. Log Source Group

D. High Level Category

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

What happens when you select "False Positive" from the right-click menu in the Log Activity tab?

A. The selected event is filtered based on the selected parameter in the event.

B. You can investigate an IP address or a user name.

C. You can tune out events that are known to be false positives.

D. Items are filtered that match or do not match the selection.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which parameter is calculated based on the relevance, severity, and credibility of an offense?

A. Impact rating

B. Severity age

C. Magnitude rating

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

How can an analyst improve the speed of searches in QRadar?

A. Use Index Management to disable indexing.

B. Narrow the overall data by adding an indexed field in the search query.

C. Increase the overall data in the search query.

D. Remove all indexed fields from the search query.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

C1000-162試験無料問題集「IBM Security QRadar SIEM V7.5 Analysis 認定」