IBM C1000-162 IBM Security QRadar SIEM V7.5 Analysis Online Training
IBM C1000-162 Online Training
The questions for C1000-162 were last updated on Nov 19, 2024.
- Exam Code: C1000-162
- Exam Name: IBM Security QRadar SIEM V7.5 Analysis
- Certification Provider: IBM
- Latest update: Nov 19, 2024
Which parameters are used to calculate the magnitude rating of an offense?
- A . Relevance, credibility, time
- B . Severity, relevance, credibility
- C . Relevance, urgency, credibility
- D . Severity, impact, urgency
Reports can be generated by using which file formats in QRadar?
- A . PDF, HTML, XML, XLS
- B . JPG, GIF, BMP, TIF
- C . TXT, PNG, DOC, XML
- D . CSV, XLSX, DOCX, PDF
The Use Case Manager app has an option to see MITRE heat map.
Which two (2) factors are responsible for the different colors in MITRE heat map?
- A . Number of offenses generated
- B . Number of events associated to offense
- C . Number of rules mapped
- D . Level of mapping confidence
- E . Number of log sources associated
In QRadar, what do event rules test against?
- A . The parameters of an offense to trigger more responses
- B . Incoming log source data that is processed in real time by the QRadar Event Processor
- C . Incoming flow data that is processed by the QRadar Flow Processor
- D . Event and flow data
What two (2) guidelines should you follow when you define your network hierarchy?
- A . Do not configure a network group with more than 15 objects.
- B . Organize your systems and networks by role or similar traffic patterns.
- C . Use the autoupdates feature to automatically populate the network hierarchy.
- D . Import scan results into QRadar.
- E . Use flow data to build the asset database.
Create a list that stores Username as the first key, Source IP as the second key with an assigned cidr data type, and Source Port as the value.
The example above refers to what kind of reference data collections?
- A . Reference map of sets
- B . Reference store
- C . Reference table
- D . Reference map
What type of custom property should be used when an analyst wants to combine extraction-based URLs, virus names, and secondary user names into a single property?
- A . AQL-based property
- B . Absolution-based property
- C . Extraction-based property
- D . Calculation-based property
What happens when you select "False Positive" from the right-click menu in the Log Activity tab?
- A . You can tune out events that are known to be false positives.
- B . You can investigate an IP address or a user name.
- C . Items are filtered that match or do not match the selection.
- D . The selected event is filtered based on the selected parameter in the event.
Which statement regarding saved event search criteria is true?
- A . Saved search criteria expires
- B . Saved search criteria does not expire
- C . Saved search criteria cannot be reused
- D . You cannot define the name of the saved search criteria
Which two (2) aggregation types are available for the pie chart in the Pulse app?
- A . Last
- B . Total
- C . Average
- D . First
- E . Middle