
Which two (2) aggregation types are available for the pie chart in the Pulse app?

A.

Last

B.

Middle

C.

Total

D.

First

E.

Average

What does this example of a YARA rule represent?

rule ibm_forensics : qradar
{
    meta:
        description = "Complex Yara rule."

    strings:
        $hex1 = { 4D 2B 68 00 ?? 14 99 F9 B? 00 30 C1 8D }
        $str1 = "IBM Security!"

    condition:
        $hex1 and (#str1 > 3)
}

A.

Flags content that contains the hex sequence, and hex1 at least three times

B.

Flags containing hex sequence and str1 less than three times

C.

Flags for str1 at an offset of 25 bytes into the file

D.

Flags content that contains the hex sequence, and str1 greater than three times
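To make the condition concrete, the following is an added example (not part of the original exam page and not libyara) that emulates only what this rule evaluates: a hex string with `??` (whole-byte) and `B?` (nibble) wildcards, and YARA's `#str1` occurrence counter. The sample buffers are constructed for the demonstration; the function and constant names are this example's own.

```python
"""Dependency-free emulation of the rule `ibm_forensics`:
    $hex1 and (#str1 > 3)
Implements just the two YARA features the rule uses so the condition can be
tested offline. This is an illustrative re-implementation, not YARA itself.
"""

import re

# Strings exactly as the rule spells them.
HEX1 = "4D 2B 68 00 ?? 14 99 F9 B? 00 30 C1 8D"
STR1 = b"IBM Security!"


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA hex string with '?' nibble wildcards into a bytes regex.

    '??' matches any byte, 'B?' matches 0xB0..0xBF, '?3' matches every byte
    whose low nibble is 3, and a plain pair matches that literal byte.
    """
    parts = []
    for tok in pattern.split():
        if len(tok) != 2:
            raise ValueError(f"bad hex token: {tok!r}")
        hi, lo = tok
        if tok == "??":
            parts.append(b".")
        elif lo == "?":
            base = int(hi, 16) << 4
            parts.append(
                b"[" + re.escape(bytes([base])) + b"-"
                + re.escape(bytes([base | 0x0F])) + b"]"
            )
        elif hi == "?":
            lo_val = int(lo, 16)
            alts = b"|".join(re.escape(bytes([(h << 4) | lo_val])) for h in range(16))
            parts.append(b"(?:" + alts + b")")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the '??' wildcard also matches a 0x0A byte.
    return re.compile(b"".join(parts), re.DOTALL)


def count_string(data: bytes, needle: bytes) -> int:
    """Emulate `#str`: count every offset at which the text string occurs."""
    return len(re.findall(b"(?=" + re.escape(needle) + b")", data))


def ibm_forensics_matches(data: bytes) -> bool:
    """Evaluate the rule condition: the hex sequence is present AND
    "IBM Security!" occurs more than three times (i.e. at least four)."""
    hex_hit = hex_pattern_to_regex(HEX1).search(data) is not None
    return hex_hit and count_string(data, STR1) > 3


# Constructed sample buffers (not real artifacts). 0xAA fills the '??' slot
# and 0xB7 satisfies 'B?'.
HEX_BLOB = bytes.fromhex("4d2b6800aa1499f9b70030c18d")
SAMPLE_MATCH = b"\x00" * 8 + HEX_BLOB + b" junk " + STR1 * 4       # True
SAMPLE_TOO_FEW = HEX_BLOB + STR1 * 3                               # False: #str1 == 3
SAMPLE_NO_HEX = STR1 * 5                                           # False: $hex1 absent
SAMPLE_NIBBLE_MISS = bytes.fromhex("4d2b6800aa1499f9c70030c18d") + STR1 * 4  # False: C7 is not B?

if __name__ == "__main__":
    for name, buf in [("match", SAMPLE_MATCH), ("too_few", SAMPLE_TOO_FEW),
                      ("no_hex", SAMPLE_NO_HEX), ("nibble_miss", SAMPLE_NIBBLE_MISS)]:
        print(f"{name:12s} -> {ibm_forensics_matches(buf)}")
```

The point the question is testing is the `>` in `#str1 > 3`: three occurrences are not enough, so only the first buffer fires, and the nibble wildcard `B?` still constrains the high nibble, which is why the `C7` variant does not match.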

On the Offenses tab, which column explains the cause of the offense?

A.

Description

B.

Offense Type

C.

Magnitude

D.

IPs

Which two (2) options are used to search offense data on the By Networks page?

A.

Raw/Flows

B.

Events/Flows

C.

NetIP

D.

Severity

E.

Network

During an active offense review, an analyst observed that a single source system generated a significant amount of high-rate traffic for transferring outbound mail via port 25. The system responsible for this traffic was not authorized to function as a mail server.

What is the correct action in this situation?

A.

Add the IP address of the source system to the Host Definition Mail Servers building block.

B.

Continue to investigate the offense and follow the organization’s response processes to stop the source system’s traffic.

C.

Submit a request to the firewall team to allow this type of traffic from the source system to remote destinations.

D.

Use the False Positive Wizard to tune the specific event and event category.

Reports can be generated by using which file formats in QRadar?

A.

PDF, HTML, XML, XLS

B.

JPG, GIF, BMP, TIF

C.

TXT, PNG, DOC, XML

D.

CSV, XLSX, DOCX, PDF

Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?

A.

Information

B.

DNS Lookup

C.

Navigate

D.

WHOIS Lookup

E.

Asset Summary page

How can adding indexed properties to QRadar improve the efficiency of searches?

A.

By reducing the size of the data set required to find non-indexed search values

B.

By increasing the size of the data set required to find non-indexed search values

C.

By slowing down the search process

D.

By reducing the number of indexed search values

A QRadar analyst is using the Log Activity screen to investigate the events that triggered an offense.

How can the analyst differentiate events that are associated with an offense?

A.

A red star icon in the first column of event list indicates a fully-matched event

B.

Fully matched events are not indexed

C.

Separate columns named 'Partially matched' and 'Fully matched' are populated

D.

Partially matched events are not indexed

What type of rules will test events or flows for volume changes that occur in regular patterns to detect outliers?

A.

Behavioral rules

B.

Anomaly rules

C.

Custom rules

D.

Threshold rules