An analyst needs to find all events that are creating offenses that are triggered by rules that contain the word suspicious in the rule name. Which query can the analyst use as a working sample?
A. SELECT LOGSOURCENAME(logsourceid), * from events where RULENAME(creeventlist) ILIKE '%suspicious%'
B. SELECT LOGGEDOFFENSE(logsourceid), * from...

Which graph types are available for QRadar SIEM reports? (Choose two)
A. Histogram
B. Pie
C. Trivial curve
D. Frequency curve
E. Stacked Bar
Answer: B, E
Explanation: https://www.ibm.com/docs/en/qsip/7.4?topic=management-graph-types

An analyst needs to create a new custom dashboard to view dashboard items that meet a particular requirement. What are the main steps in the process?
A. Select New Dashboard and enter a unique name, description, add items and save.
B. Select New Dashboard and copy name, add description, items and...

A new analyst is tasked to identify potential false positive Offenses, then send details of those Offenses to the Security Operations Center (SOC) manager for review by using the send email notification feature.
A. Total number of sources, top five categories, total number of destinations. Contributing CRE rules total number...

Which use case type is appropriate for VPN log sources? (Choose two.)
A. Advanced Persistent Threat (APT)
B. Insider Threat
C. Critical Data Protection
D. Securing the Cloud
Answer: A, B
Explanation: Reference: https://www.ibm.com/docs/en/dsm?topic=management-threat-use-cases-by-log-source-type

Where can an analyst investigate a security incident to determine the root cause of an issue, and then work to resolve it?
A. Risk tab
B. Network Activity tab
C. Offense tab
D. Vulnerabilities tab
Answer: D

The SOC team complained that they received several email notifications in the space of 10 minutes, but the analyst can only see one Offense in the Offenses tab. How can the analyst ensure only one email is sent in this circumstance?
A. Configure the postfix mail server on the Console to suppress duplicate items
B. ...

An analyst has created a custom property from the events for searching for critical information. The analyst also needs to reduce the number of event logs and the data volume that is searched when looking for the critical information, to maintain the efficiency and performance of QRadar. Which feature should the...

What is the intent of the magnitude of an offense?
A. It measures the age of the event attached to the offense.
B. It measures the age of the offense.
C. It measures the importance of the offense.
D. It measures the importance of the event attached to the offense.

When considering the ability to tune False Positives with the Confidence factor setting, which statement applies?
A. Secure areas should have a lower confidence value, while less secure areas should have a higher confidence value.
B. Secure areas should have a higher confidence value, while less secure areas should have...