
1. Which of the following information is NOT listed in the offense summary?

MAC Address

2. Which of the following provides insight into why QRadar SIEM considers that event or observed
traffic threatening?
Annotations

3. Which of the following flow detection methods is only used when users have a proprietary application
running on their network?

User defined

4. Events are accumulated and stored in the ________ database?

Ariel

5. Give an overview of QRadar SIEM dashboards by stating any three facts.

Dashboard overview: 

-QRadar SIEM shows the Dashboards tab when you log in.
-You can create multiple dashboards.
-Each dashboard can contain items that provide summary and detailed information.
-Six default dashboards are available.
-You can create custom dashboards to focus on your security or operations.
-Each dashboard is associated with a user.
-Changes that you make to dashboards do not affect the dashboards of other users.

6. Describe what an offense is and give three examples of an offense:

• An offense represents a suspected attack or policy breach. Some common offenses include these examples:
  - Multiple login failures
  - Worm infection
  - P2P traffic
  - Scanner reconnaissance
• Treat offenses as security incidents and have a security analyst investigate them.

Some of the most common offenses that a typical security analyst investigates include:
• Clear Text Application Usage
• Remote Desktop Access from the Internet
• Connection to a remote proxy or anonymization service
• SSH or Telnet detected on Non-Standard Port
• Large Outbound Transfer
• Communication to a known Bot Command and Control
• Local IRC Server detected

7. If an Open Offense did not find additional matches for more than 30 minutes, it becomes a ________

Dormant Offense

8. Offenses, assets, and identity information are stored in the master _________ database on the Console.

PostgreSQL

9. What is the maximum number of items a dashboard can have?

15

10. Users can change their password in the __________ tab, if they authenticate with the local system
authentication of QRadar SIEM. 

Preferences

11. (The question was a table) the offense type

source IP

12. Which of the following best describes relevance in QRadar magnitude?

includes importance of the destination

13. QRadar SIEM's prime benefit for security analysts is that it detects suspicious activities and ties them
together into _______

offenses.

14. The _________ creates new assets or adds open ports to existing assets based on information from the Eps:

Vulnerability Information Server (VIS) 

15. QRadar SIEM's Magistrate rates each offense by its:

Magnitude

16. The offense summary window includes all the following EXCEPT:

Custom rule engine

17. Which is NOT a component of offense magnitude?

integrity

18. Which of the following searches the accumulator database for anomalies, which are then used in
offense evaluation?

anomaly detection engine

19. Offenses should be treated as?

security incidents

20. In QRadar magnitude, which of the following describes severity?

indicates the reliability of the witness

21. QRadar SIEM __________ normalizes events and classifies them into low- and high-level
categories.

Event Collector

22. QRadar SIEM logical components and data flow:

Central User Console
-Magistrate (manages offense creation and magnitude)
-Global correlation across flow and event processors
-Offense management
-Asset and identity management

Event Processor
-Rule Processor
-Storage for events, accumulated meta data
-Storage for flows, accumulated meta data

Event Collector
-Log event collection, coalescing, and normalization
-Third-party flow collection such as NetFlow, sFlow, J-Flow, deduplication, and recombination

Flow Collector
-QFlow and Superflow creation, and application detection