IBM Security QRadar V7.0 MR4 Fundamentals

1.

Which search parameter in the Log Activity tab must be used to filter events by activity (e.g. SSH Login Succeeded)?

Category Magnitude User Name Log Source

2.

Where would a user look to see the entire payload of an event?

The Raw Event tab View > Show Payload Right-click > Show Payload The Payload Information section

3.

Which tab displays correlated security alerts in IBM Security QRadar V7.0 MR4?

Admin Reports Offenses Log Activity

4.

How can a user quickly reload the default filter in their current tab?

Use the View option Use the Display option Clear all the current filters Double-click the Tab button

5.

How is an asset's weight used?

To classify the level of asset activity To define the vulnerability of the asset To determine how much emphasis IBM Security QRadar V7.0 MR4 gives when parsing logs To determine the true severity and relevance of an event when the asset is involved in an offense

6.

What is the main difference between a QFlow record versus a netflow capable router or switch?

QFlow can be used to trigger an alert. QFlow cannot capture the communication payload. QFlow can also be viewed in the Event Viewer window. QFlow and vFlow can capture the communication payload.

7.

A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications.
From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked?

Assets Offenses Log Activity Network Activity

8.

When working with rules, why do some rules specify QID values and some specify events?

Only low and high level categories can be specified within rules. It is a matter of convention; QIDmap and event names are the same. Event names are more precise; multiple events can be to the same QIDmap entry. QID values are more precise; multiple QIDmap entries can be to same event name.

9.

How is the real time streaming of payloads for events viewed?

View drop-down > Raw Events Action menu > View Raw Events Display drop-down > Raw Events Right-click on the events > View Raw Events

10.

What action must be taken to view reports related to PCI specifically?

Right-click on Compliance and select PCI group. There are no filtering or grouping capabilities for reports. Click on the Group drop-down menu and select the category. SSH to the Console and execute a GREP command to find PCI report options.

IBM Security QRadar V7.0 MR4 Fundamentals

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

IBM Security QRadar V7.0 MR4 Fundamentals

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner