C1000-018 by IBM Valid Free Exam Practice Test

Question 1

What are the different flow types in QRadar?

A. L2L, L2R, R2R, R2L B. Type 1, Type 2, Type 3, Type 4 C. Standard, Type 1, Type2, Type 3 D. Standard, Type A, Type B, Type C

Correct Answer: D

Question 2

What is the maximum time period for 3 subsequent events to be coalesced?

A. 10 minutes B. 10 seconds C. 60 seconds D. 5 minutes

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 3

What information is displayed in the default "Log Activity" page? (Choose two.)

A. Log Source B. Qmap C. Event Name D. Protocol E. QID

Correct Answer: A,C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 4

How does the Custom Rule Engine (CRE) evaluates rules?

A. It runs tests based on the criticality of the test, running the critical ones first. B. It runs all rule tests at the same time, and evaluates the result after all tests are complete C. It runs stateless tests first, then runs stateful tests and evaluates the result. D. It runs rule tests line-by-line in order, and continues while tests are true.

Correct Answer: C

Question 5

What steps are needed to add an Annotation to an event or flow that triggered a Rule?

A. When creating a Rule, a custom Annotation can be specified to automatically be applied to the event or flow that triggered the Rule. B. Events and Flows cannot be Annotated, the only information allowed in an event or flow is data that was included in the original payload. C. Annotations can be manually added to an Offense. These Annotations are then automatically applied to all events or flows which triggered the rule creating that Offense. D. When creating a Rule, a custom Annotation can be automatically applied to events and flows that originate from specified Sources.

Correct Answer: A

Question 6

An analyst needs to perform Offense management.
In QRadar SIEM, what is the significance of "Protecting" an offense?

A. Create an Action Incident response plan for a specific type of cyber attack. B. Escalate the Offense to the QRadar administrator for investigation. C. Hide the Offense in the Offense tab to prevent other analysts to see it. D. Prevent the Offense from being automatically removed from QRadar.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 7

An analyst needs to create a new custom dashboard to view dashboard items that meet a particular requirement.
What are the main steps in the process?

A. Select New Dashboard and enter unique name, description, add items and save. B. Select New Dashboard and copy name, add description, items and save. C. Locate existing dashboard and modify to include indexed items required and save. D. Request the administrator to create the custom dashboard with required items.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 8

An analyst is performing an investigation regarding an Offense. The analyst is uncertain to whom some of the external destination IP addresses in List of Events are registered.
How can the analyst verify to whom the IP addresses are registered?

A. Right-click on the destination address, More Options, then Navigate, and then Destination Summary B. Right-click on the destination address, More Options, then IP Owner C. Right-click on the destination address, More Options, then Information, and then DNS Lookup D. Right-click on the destination address, More Options, then Information, and then WHOIS Lookup

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

IBM QRadar SIEM V7.3.2 Fundamental Analysis - C1000-018 Exam Practice Test