IBM QRadar SIEM V7.3.2 Fundamental Analysis (C1000-018) Free Practice Test

Question 1

While creating a new custom property, which is a valid property types selection?

A. AQL Based

B. Flow Based

C. Event Based

D. Regular Expressions Based

Correct Answer: D

Question 2

An analyst is investigating a series of events that triggered an Offense. The analyst wants to get more detailed information about the IP address from the reference set.
How can the analyst accomplish this?

A. Click on Log Activity tab then perform an Advanced Search

B. Click on Searches tab then perform an Advanced Search

C. Click on Log Activity tab then perform a Quick Search

D. Click on Searches tab then perform a Quick Search

Correct Answer: B

Question 3

After working with an Offense, an analyst set the Offense as hidden. What does the analyst need to do to view the Offense at a later time?

A. Search for all Offenses owned by the analyst

B. Click Clear Filter next to the "Exclude Hidden Offenses".

C. In the all Offenses view, at the top of the view, select ''Show hidden'' from the ''Select an option'' drop- down.

D. In the al Offenses view, select Actions, then select show hidden Offenses.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which considering the ability to tune False Positives with the Confidence factor Setting, which statement applies?

A. Secure areas should have a higher confidence value, while less secure areas should have a lower confidence value a higher,,

B. When setting a confidence factor, using a higher value will result in a higher number of Offenses.

C. To ensure that the results are comparable, it is important to apply a common Confidence Factor across all network segments.

D. Secure areas should have a lower confidence value, while less secure areas should have a higher confidence value.

Correct Answer: A

Question 5

An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and data volume that is searched when looking for the critical information to maintain the efficiency and performance of QRadar.
Which feature should the analyst use?

A. Index Management

B. Database Management

C. Event Management

D. Log Management

Correct Answer: C

Question 6

How many normalized timestamp field(s) does an event contain?

A. 4

B. 3

C. 1

D. 2

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

What is the reason for this system notification?
"Time synchronization to primary or Console has failed"

A. Deny ntpdate communication on port 123

B. Deny ntpdate communication on port 423.

C. Deny ntpdate communication on port 323.

D. Deny ntpdate communication on port 223.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

There are 5 authentication servers that report to different Event Processors. There is a requirement to generate an Offense if there are 5 consecutive failed logins detected across any of the 5 Event Processors.
Which type of rule should the analyst create?

A. Persistent Rule

B. Local Rule

C. Offense Rule

D. Global Rule

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

IBM QRadar SIEM V7.3.2 Fundamental Analysis (C1000-018) Free Practice Test