Which key elements does the Report Wizard use to help create a report?
A. Layout, Container, Content
B. Container, Orientation, Layout
C. Report Classification, Time, Date
D. Pagination Option, Orientation, Date
What is an example of how flow data provides more information than event data?
A. Represents a single event on the network
B. Automatically identifies and better classifies new assets found on a network
C. Performs near real-time comparisons of application data with logs sent from security devices
D. Represents network activity by normalizing IP addresses, ports, byte and packet counts, as well as other details
A Security Analyst was asked to search for an offense on a specific day. The requester was not sure of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which filters can the Security Analyst use to search for the information requested?
A. Offense ID, Source IP, Username
B. Magnitude, Source IP, Destination IP
C. Description, Destination IP, Host Name
D. Specific Interval, Username, Destination IP
What is the purpose of coalescing?
A. To reduce the number of events which count against EPS licenses
B. To reduce the amount of data received by QRadar event collectors
C. To reduce the amount of data going through the pipeline and stored onto disk
D. To reduce the number of offenses generated by QRadar as part of the tuning process
Which QRadar add-on component can quickly retrace the step-by-step actions of an attacker?
A. QRadar Risk Manager
B. QRadar Flow Connector
C. QRadar Incident Forensics
D. QRadar Vulnerability Manager
Which three could be considered a log source type? (Choose three.)
A. Red Hat Network
B. IBM ISS Proventia
C. QRadar Event Processor
D. Check Point Firewall-1
E. Sourcefire Flow Injector
F. McAfee ePolicy Orchestrator
What are two common uses for a SIEM? (Choose two.)
A. Managing and normalizing log source data
B. Identifying viruses based on payload MD5s
C. Blocking network traffic based on rules matched
D. Enforcing governmental compliance auditing and remediation
E. Performing near real-time analysis and observation of a network and its devices
Which three things can be found under the Information menu when right-clicking an IP address? (Choose three.)
A. Asset Profile
B. DNS Lookup
C. Hide Offense
D. WHOIS Lookup
E. Annotation View
F. Username Lookup
What is the definition of an asset profile in QRadar?
A. It is any network endpoint that sends or receives data across a network infrastructure.
B. It is all the information that IBM Security QRadar SIEM collected over time about a specific asset.
C. It is the information servers and hosts in a network provide to assist users when resolving security issues.
D. It is an application used to configure and distribute settings to devices and computers in an organization, school, or business.
What is the correct procedure to both assign and add a note to an offense from the Graphical User Interface (GUI)?
A. Both tasks must be done independently and can only be done on the Offenses Tab.
B. With the new release of 7.2.6, this can now be done in one step from the Offenses Tab only.
C. Both tasks must be done independently but can be completed from both the Offenses Tab and the Offense Summary Page.
D. With the new release 7.2.6, this can be done in one step from both the Offenses Tab and the Offense Summary Page.