C1000-162無料問題集「IBM Security QRadar SIEM V7.5 Analysis」

質問 1

Where can you view a list of events associated with an offense in the Offense Summary window?

（A）Destination IPs

（B）Display > Destination IPs

（C）Events from Event/Flow count column

（D）Source IPs

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A mapping of a username to a user's manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?

（A）Reference Table lookup values can be accessed in an advanced search.

（B）Reference Table lookup values are automatically used whenever a saved search is run.

（C）Reference Table lookup values can be accessed as custom event properties.

（D）Quick Search filters can select users based on their manager's name.

正解：A 解答を投票する

質問 3

How can an analyst search for all events that include the keyword "access"?

（A）Go to the Network Activity tab and run a quick search with the "access" keyword.

（B）Go to the Log Activity tab and run a quick search with the "access" keyword.

（C）Go to the Offenses tab and run a quick search with the "access" keyword.

（D）Go to the Log Activity tab and run this AOL: select * from events where eventname like 'access'.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

From the Offense Summary window, how is the list of rules that contributed to a chained offense identified?

（A）Select Display > Notes

（B）Select Display > Rules

（C）Listed in the notes section

（D）Select Actions > Rules

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which two (2) are valid options available for configuring the frequency of report execution in the QRadar Report wizard?

（A）Yearly

（B）Monthly

（C）Manually

（D）Automatically

（E）Quarterly

正解：B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which property types can be used to reduce the overall data volume searched and shorten search time to address searches taking longer than expected?

（A）Indexed properties

（B）Tabled properties

（C）Stored properties

（D）Common properties

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which two (2) types of data can be displayed by default in the Application Overview dashboard?

（A）ICMP Type/Code (Total Packets)

（B）Flow Rate (Flows per Second - Peak 1 Min)

（C）Outbound Traffic by Country (Total Bytes)

（D）Top Applications (Total Bytes)

（E）Login Failures by User {real-time)

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

On which lab can an analyst perform a "Flow Bias" Quick Search?

（A）Network Activity tab

（B）Asset Management app

（C）Log Source Management app

（D）Log Activity tab

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

An analyst is looking at flow payload. The analyst noted the payload is truncated.
|at default value size for the payload is exceeded where the payload might contain additional information that is not shown in the QRadar surface?

（A）32 bytes

（B）128 bytes

（C）64 bytes

（D）256 bytes

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which parameter should be used if a security analyst needs to filter events based on the time when they occurred on the endpoints?

（A）Review "Time Period"

（B）Inspect "Log Time interval"

（C）Examine "Log Source Time"

（D）Evaluate "Storage Time"

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

C1000-162 無料問題集「IBM Security QRadar SIEM V7.5 Analysis」

弊社を連絡する

関連リンク

トップ試験