Which reference set data element attribute governs who can view its value?
The Use Case Manager app has an option to see MITRE heat map.
Which two (2) factors are responsible for the different colors in MITRE heat map?
QRadar analysts can download different types of content extensions from the IBM X-Force Exchange portal. Which two (2) types of content extensions are supported by QRadar?
Which type of rule should you use to test events or (lows for activities that are greater than or less than a specified range?
Which two (2) values are valid for the Offense Type field when a search is performed in the My Offenses or All Offenses tabs?
a selection of events for further investigation to somebody who does not have access to the QRadar system.
Which of these approaches provides an accurate copy of the required data in a readable format?
On the Dashboard tab in QRadar. dashboards update real-time data at what interval?
Which browser is officially supported for QRadar?
How long will an AQL statement remain in execution if a time criteria is not specified, such as start, end, or last?
From the Offense Summary window, how is the list of rules that contributed to a chained offense identified?
A mapping of a username to a user’s manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?
How can an analyst identify the top rules that generated offenses in the previous week and were closed as false positives or tuned?
From which tabs can a QRadar custom rule be created?
What QRadar application can help you ensure that IBM GRadar is optimally configured to detect threats accurately throughout the attack chain?
A Security Analyst has noticed that an offense has been marked inactive.
How long had the offense been open since it had last been updated with new events or flows?
What is the difference between an unknown event and a stored event?
A QRadar analyst wants to limit the time period for which an AOL query is evaluated. Which functions and clauses could be used for this?
What are the behavioral rule test parameter options?
Which parameters are used to calculate the magnitude rating of an offense?
How does a Device Support Module (DSM) function?
What right-click menu option can an analyst use to find information about an IP or URL?
A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.
What parameter and value should the analyst add as filter in the event search?
What is the name of the data collection set used in QRadar that can be populated with lOCs or other external data?
What does this example of a YARA rule represent?
rule ibm_forensics : qradar
meta:
description = “Complex Yara rule.“
strings:
Shexl = {4D 2B 68 00 ?? 14 99 F9 B? 00 30 Cl 8D}
Sstrl = "IBM Security!"
condition:
Shexl and (#strl > 3)
Reports can be generated by using which file formats in QRadar?
After how much time will QRadar mark an Event offense dormant if no new events or flows occur?
When investigating an offense, how does one find the number of flows or events associated with it?
On the Reports tab in QRadar. what does the message "Queued (position in the queue)" indicate when generating a report?
A QRadar analyst wants predefined searches, reports, custom rules, and custom properties for HIPAA compliance.
Which option does the QRadar analyst use to look for HIPAA compliance on QRadar?
How long does QRadar store payload indexes by default?
Which statement regarding the time series chart is true?
A new log source was configured to send events to QRadar to help detect a malware outbreak. A security analyst has to create an offense based on properties from this payload but not all the information is parsed correctly.
What is the sequence of steps to ensure that the correct information is pulled from the payload to use in a rule?
How does a QRadar analyst get to more information about a MITRE entry in the Use Case Manager?
In Rule Response, which two (2) options are available for Offense Naming?
What happens when you select "False Positive" from the right-click menu in the Log Activity tab?
Which two (2) dashboards in the Pulse app by default?
A Security Analyst was asked to search for an offense on a specific day. The requester was not sore of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which fitters can the Security Analyst use to search for the information requested?
Which two (2) of these custom property expression types are supported in QRadar?