Free IBM QRadar SIEM V7.3.2 Fundamental Analysis Exam C1000-018 Exam Practice Test

An analyst needs to investigate why an Offense was created.How can the analyst investigate?

• Review the Offense summary to investigate the flow and event details.
  
• Review the X-Force rules to investigate the Offense flow and event details.
  
• Review pages of the Asset tab to investigate Offense details.
  
• Review the Vulnerability Assessment tab to investigate Offense details.
  

Which filter would an analyst apply in the Log Activity tab to get a list of log sources not reporting to QRadar?

• Log source status does not equal active
  
• Custom rule equals device stopped sending events
  
• Log source type does not equal active
  
• Log source status does not equal error
  

What is required to create an anomaly rule?

• triggered events
  
• a grouped saved search
  
• triggered flows
  
• baseline anomalies
  

What are the different flow types in QRadar?

• L2L, L2R, R2R, R2L
  
• Standard, Type A, Type B, Type C
  
• Standard, Type 1, Type2, Type 3
  
• Type 1, Type 2, Type 3, Type 4
  

There are 5 authentication servers that report to different Event Processors. There is a requirement to generate an Offense if there are 5 consecutive failed logins detected across any of the 5 Event Processors.Which type of rule should the analyst create?

• Global Rule
  
• Persistent Rule
  
• Local Rule
  
• Offense Rule
  

What is a valid offense naming mechanism?This information should:

• set the naming of the associated offense(s).
  
• set or replace the naming of the associated offense(s).
  
• replace the naming of the associated offense(s).
  
• be included in the naming of the associated offense(s).
  

An analyst noticed that from a particular subnet (203.0.113.0/24), all IP addresses are simultaneously trying to reach out to the company's publicly hosted FTP server.The analyst also noticed that this activity has resulted in a Type B Superflow on the Network Activity tab-Under which category, should the analyst report this issue to the security administrator?

• Port Scan
  
• Syn Flood
  
• DDoS
  
• Network Scan
  

Why would an analyst update host definition building blocks in QRadar?

• To reduce false positives.
  
• To narrow a search.
  
• To stop receiving events from the host.
  
• To close an Offense
  

An analyst is working on Offense management and finds that a few of the offenses are not being removed from the Offense tab even after the Offense retention period has elapsed.What could be the reason that these offenses are not being removed?

• Offense has been annotated
  
• Offense is inactive
  
• Offense is released
  
• Offense is protected
  

An analyst wants to find all events where Process name includes reference to exe files. Which quick search will return the expected result?

• (Process name) AND /.*exe/
  
• /Process name/AND (/exe) )
  
• /Process name/ AND /.*exe/
  
• 'Process name' AND '*exe'