Free C1000-018 Exam Braindumps (page: 3)


An analyst has been assigned a task to modify a rule so that the source IP of any offense triggered by this rule is stored in a reference set.
Under which section of the rule wizard can the analyst achieve this?

  A. Rule Response
  B. Rule Action
  C. Rule Test Stack Editor
  D. Rule Response Limiter

Answer(s): A

"Add to a Reference Set" is a Rule Response option in the rule wizard; the Rule Action section only sets severity, credibility, relevance and offense-handling behaviour, and the Rule Test Stack Editor holds the rule tests themselves.



An analyst needs to investigate a particular offense to understand the breakdown of the offense details. How can the analyst do this?

  A. Look at the magnitude information and its breakdown.
  B. View the attack path of the offense.
  C. Look at all the event QIDs attached to the offense.
  D. Look at the list of categories, event low-level categories and the events attached.

Answer(s): A


Reference:

https://www.ibm.com/docs/en/qradar-on-cloud?topic=offenses-offense-investigation



Which QRadar timestamp specifies when the event was received from the log source?

  A. Collect time
  B. Start time
  C. Storage time
  D. Log Source time

Answer(s): B

Start time is the time at which QRadar received the event from the log source; Log Source time is the timestamp carried in the raw event payload, and Storage time is when the event was written to the Ariel database.


Reference:

https://www.ibm.com/mysupport/s/question/0D50z00006PEG2mCAH/why-do-i-see-different-time-stamps-for-qradar-events?language=en_US



An analyst notices that a number of invalid offenses are being created from a network node. This node has been determined to be in Domain 2 and has the following log sources sending events: 3Com 8800 Series Switch from 172.18.1.1, Cisco ACE Firewall from 172.18.1.2, FireEye from 172.18.1.3, and Palo Alto PA Series from 172.18.1.8.

The analyst should create a False Positive Building Block that has a filter:

  A. "when the destination IP is in 172.18.0.0/16"
  B. "when the local network is Domain 2 and when the source IP is in 172.18.0.0/16"
  C. "when the remote IP is one of the following: 172.18.1.1, 172.18.1.2, 172.18.1.3, 172.18.1.8"
  D. "when the local network is Domain 2 and when the source IP is in 172.18.0.0/16"

Answer(s): D
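The following is an added example, not QRadar code and not part of the original page: it models the candidate building-block filters from the question above in plain Python and runs them over a handful of constructed events, so you can see why the domain-plus-source-IP filter covers exactly the node's four log sources while the destination-IP filter and the bare address-list filter each catch the wrong traffic. The event records, the extra "other-domain" and "inbound" events, and the reading of option C as a plain source-address match with no domain constraint are all assumptions made for the illustration.

```python
"""Model the false-positive building-block filters from the question and
evaluate them over constructed events.  Illustration only: these are not
QRadar APIs, just the filter semantics expressed with the ipaddress module."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    name: str        # label used in the results
    domain: str      # QRadar domain the event was assigned to
    source_ip: str
    dest_ip: str


# Constructed sample events (assumption).  The first four are the node's
# log sources from the question.  "other-domain" reuses 172.18.1.1 in a
# different domain (overlapping address space); "inbound" is traffic from
# outside the /16 *towards* the node.
EVENTS = [
    Event("switch",       "Domain 2", "172.18.1.1",   "10.0.0.5"),
    Event("ace",          "Domain 2", "172.18.1.2",   "10.0.0.5"),
    Event("fireeye",      "Domain 2", "172.18.1.3",   "10.0.0.5"),
    Event("paloalto",     "Domain 2", "172.18.1.8",   "10.0.0.5"),
    Event("other-domain", "Domain 1", "172.18.1.1",   "10.0.0.5"),
    Event("inbound",      "Domain 2", "203.0.113.7",  "172.18.1.2"),
]

NODE_SUBNET = ipaddress.ip_network("172.18.0.0/16")
NODE_ADDRESSES = {"172.18.1.1", "172.18.1.2", "172.18.1.3", "172.18.1.8"}


def in_subnet(ip: str, net: ipaddress.IPv4Network) -> bool:
    """CIDR membership test, the same check a 'source IP is in' test performs."""
    return ipaddress.ip_address(ip) in net


# Candidate filters, keyed by the option letter.  Options B and D read the
# same on the page, so only one copy is modelled.
FILTERS = {
    # "when the destination IP is in 172.18.0.0/16"
    "A": lambda e: in_subnet(e.dest_ip, NODE_SUBNET),
    # "when the remote IP is one of the following ..." -- modelled here as a
    # plain address-list match on the source with no domain constraint
    # (assumption; QRadar's remote/local distinction depends on the network
    # hierarchy, which is not part of the question).
    "C": lambda e: e.source_ip in NODE_ADDRESSES,
    # "when the local network is Domain 2 and when the source IP is in
    # 172.18.0.0/16"
    "D": lambda e: e.domain == "Domain 2" and in_subnet(e.source_ip, NODE_SUBNET),
}


def evaluate(events=EVENTS) -> dict:
    """Return, for each candidate filter, the set of event names it matches."""
    return {key: {e.name for e in events if test(e)} for key, test in FILTERS.items()}


def intended_matches() -> set:
    """The events the building block should suppress: the node's own log sources."""
    return {e.name for e in EVENTS if e.domain == "Domain 2" and e.source_ip in NODE_ADDRESSES}


if __name__ == "__main__":
    wanted = intended_matches()
    for key, matched in evaluate().items():
        verdict = "exact" if matched == wanted else "wrong coverage"
        print(f"Option {key}: {sorted(matched)} -> {verdict}")
```

Option A only fires on traffic sent to the subnet (the "inbound" event) and misses every event the node itself generates; option C suppresses the Domain 1 event that happens to share an address, which is exactly the cross-domain over-suppression the domain test in option D prevents.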





