MAC Address
2. Which of the following provides insight into why QRadar SIEM considers that event or observed
traffic threatening?
Annotations
3. Which of the following flow detection methods is only used when users have a proprietary application
running on their network?
User defined
Dashboard overview:
-QRadar SIEM shows the Dashboards tab when you log in.
-You can create multiple dashboards.
-Each dashboard can contain items that provide summary and detailed information.
-Six default dashboards are available.
-You can create custom dashboards to focus on your security or operations.
-Each dashboard is associated with a user.
-Changes that you make to dashboards do not affect the dashboards of other users.
Some of the most common offenses that a typical security analyst investigates include:
• Clear Text Application Usage
• Remote Desktop Access from the Internet
• Connection to a remote proxy or anonymization service
• SSH or Telnet detected on Non-Standard Port
• Large Outbound Transfer
• Communication to a known Bot Command and Control
• Local IRC Server detected
7. If an open offense has not found additional matches for more than 30 minutes, it becomes a ________
Dormant Offense
8. Offenses, assets, and identity information are stored in the master _________ database on the Console.
PostgreSQL
10. Users can change their password in the __________ tab if they authenticate with the local system
authentication of QRadar SIEM.
Preferences
source IP
13. QRadar SIEM's prime benefit for security analysts is that it detects suspicious activities and ties them
together into _______
offenses.
14. The _________ creates new assets or adds open ports to existing assets based on information from the Eps:
16. The offense summary window includes all of the following EXCEPT:
Custom rule engine
18. Which of the following searches the accumulator database for anomalies, which are then used in
offense evaluation?
21. QRadar SIEM __________ normalizes events and classifies them into low- and high-level
categories.
Event Collector
Event Processor
-Rule Processor
-Storage for events, accumulated meta data
-Storage for flows, accumulated meta data
Event Collector
-Log event collection, coalescing, and normalization
-Third-party flow collection such as NetFlow, sFlow, J-Flow, deduplication, and recombination
Flow Collector
-QFlow and Superflow creation, and application detection