Question 1
What is a unique feature of AQL filtering?
Your answer
That's right!
Question 2
Which two search criteria are required to add a custom Dash
Your answer
B. Grouped
Your answer
D. Compiled
Question 3
Passive network flow analytics provides what benefit?
Your answer
D. processes third-party network and QFlow through the CRE and stores the flows
Question 5
Which two statements are true regarding compliance and control within today's organizations' IT structures?
Your answer
A. inform security analysts about a breach the moment an attacker penetrates the perimeter
Your answer
D. implement proper privileged identity management to restrict access to high value assets
Question 7
Which data source can add and update information about currently-running software products to an asset profile?
Your answer
A. firewall logs
B. flow data
D. system logs
Question 8
If a system uses multiple network adapters on multiple networks but a user can only view one of the networks, how will the system appear in the QRadar Dashboard for that user?
Your answer
C. A 'Hidden Data' message box will appear when reviewing results.
D. The user will not see the system asset profile at all.
Question 9
Which type of object does an asset profile describe?
Your answer
A. Service
B. Operating System
C. Network
D. Host
Question 10
In order to add new assets, which field can be included in a CSV file when importing it into QRadar SIEM?
Your answer
A. MAC address
B. IP address
C. Operating System
Your answer
D. Vulnerabilities
Question 11
How can a MAC address be entered for an asset?
Your answer
A. application architecture
B. conceptual architecture
C. logical architecture
D. facilities architecture
E. network architecture
Question 14
Which statement describes the process of Vulnerability Management within the Operations discipline of the O-ESA Enterprise Security Architecture?
Your answer
A. The process for identifying high-risk infrastructure components, assessing their vulnerabilitie
risk to the operational environment.
Your answer
Question 15
Which statement represents a characteristic of today's social media as it relates to IT?
Your answer
A. It allows users greater choice while reducing security risks to the network itself.
B. By its very nature, mobile technology is outside of an organization's physical network perimeter and control.
C. Asset management is no longer a concern since the company does not own the devices.
D. Companies no longer have to worry about the separation between work and personal data.
Question 17
Which statement is true concerning false positive flows?
Your answer
A. They are processed, displayed under Network Activity, and stored by QRadar SIEM.
Question 18
What is a benefit of configuring a superflow in QRadar SIEM?
Your answer
Question 19
You are reviewing events listed under the Network Activity tab. Some of the events have a 'C' listed after the number of Source Bytes. What does this mean?
Your answer
Question 20
Which Superflow attack type is profiled by the following characteristics: single source IP address over many ports to a single destination IP address?
Your answer
B. Type A: broadcast
Question 21
You are creating a false positive flow using QRadar SIEM and selecting the traffic direction of the flow. Why would you rarely, if ever, designate the traffic direction as being 'Any Source to any Destination?'
Your answer
C. 64 bytes
D. 1024 bytes
Question 23
What does a 'false positive' designation do to a log or flow event?
Your answer
Question 24
You are viewing a list of events within the 'List of Events' display. You are currently highlighting a firewall event with an IP address of 172.16.56.3, involving a potentially malicious host. In exact order, which two steps should you take in order to monitor the designated malicious source IP?
Your answer
A. Add a filter on the IP address, and then delete the offense filter with the Clear Filter option.
B. Set the IP address as a normalized event, and then filter on the IP address.
C. Clear the offense filter, and then add filter on the IP address.
D. Identify the IP address as a false positive, and then clear the offense filter.
Question 25
What does the 'Log Source' field record?
Your answer
Question 26
How is the raw payload of an event or flow stored by QRadar SIEM?
Your answer
Question 27
What is a negative implication of enabling time series data?
Your answer
Question 28
Which three types of information are included in the default 'List of Events' page?
Your answer
A. Source IP
B. QID
C. Event Name
D. Log Source
E. Protocol
Question 29
What is a unique feature of AQL filtering?