What is a Device Support Module (DSM) function within QRadar?
A. Unites data received from logs
B. Provides Vendor specific configuration information
C. Scans log information based on a set of rules to output offenses
D. Parses event information for SIEM products received from external sources
Answer: D
Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)
A. Rules
B. By Category
C. My Offenses
D. By Event Name
E. Create Offense
F. Closed Offenses
Answer: ABC
Which key elements does the Report Wizard use to help create a report?
A. Layout, Container, Content
B. Container, Orientation, Layout
C. Report Classification, Time, Date
D. Pagination Option, Orientation, Date
Answer: A
Explanation: Reference: IBM Security QRadar SIEM Users Guide. Page: 201
Which Anomaly Detection Rule type can test events or flows for volume changes that occur in regular patterns to detect outliers?
A. Outlier Rule
B. Anomaly Rule
C. Threshold Rule
D. Behavioral Rule
Answer: D
Explanation: Reference: http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_rul_anomaly_detection.html
What is the key difference between Rules and Building Blocks in QRadar?
A. Rules have Actions and Responses; Building Blocks do not.
B. The Response Limiter is available on Building Blocks but not on Rules.
C. Building Blocks are built-in to the product; Rules are customized for each deployment.
D. ....
What is a capability of the Network Hierarchy in QRadar?
A. Determining and identifying local and remote hosts
B. Capability to move hosts from local to remote network segments
C. Viewing real-time PCAP traffic between host groups to isolate malware
D. Controlling DHCP pools for segments groups (i.e. marketing, DMZ,...
Which two other filters can be shown using the right click event filtering functionality?
When using the right click event filtering functionality on a Source IP, one can filter by “Source IP is not [*]”. Which two other filters can be shown using the right click event filtering functionality? (Choose two.)
A. Filter on DNS entry [*]
B. Filter on Source IP is [*]
C...
What is the default view when a user first logs in to QRadar?
A. Report Tab
B. Offense Tab
C. Dashboard tab
D. Messages menu
Answer: C
Explanation: Reference: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_dash_tab.html
When might a Security Analyst want to review the payload of an event?
A. When immediately after login, the dashboard notifies the analyst of payloads that must be investigated
B. When “Review payload” is added to the offense description automatically by the “System: Notification” rule
C. When the event is...
What is a benefit of using a span port, mirror port, or network tap as flow sources for QRadar?
A. These sources are marked with a current timestamp.
B. These sources show the ASN number of the remote system.
C. These sources show the username that generated the flow.
D. ....