Which key elements does the Report Wizard use to help create a report?
A. Layout, Container, Content
B. Container, Orientation, Layout
C. Report Classification, Time, Date
D. Pagination Option, Orientation, Date
What is the primary goal of data categorization and normalization in QRadar?
A. It allows data from different kinds of devices to be compared.
B. It preserves original data allowing for forensic investigations.
C. It allows users to export data and import it into other systems.
D. It allows for full-text indexing of data to improve search performance.
What are the two available formats for exporting event and flow data for external analysis? (Choose two.)
A. XML
B. DOC
C. PDF
D. CSV
E. HTML
Which information can be found under the Network Activity tab?
A. Flows
B. Events
C. Reports
D. Offenses
Which type of tests are recommended to be placed first in a rule to increase efficiency?
A. Custom property tests
B. Normalized property tests
C. Reference set lookup tests
D. Payload contains regex tests
How does flow data contribute to the Asset Database?
A. Correlated Flows are used to populate the Asset Database.
B. It provides administrators visibility on how systems are communicating on the network.
C. Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.
D. It delivers vulnerability and ports information collected from scanners responsible for evaluating network assets.
What are two characteristics of a SIEM? (Choose two.)
A. Log Management
B. System Deployment
C. Endpoint Software patching
D. Enterprise User management
E. Event Normalization and Correlation
A mapping of a username to a user's manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?
A. Quick Search filters can select users based on their manager's name.
B. Reference Table lookup values can be accessed in an advanced search.
C. Reference Table lookup values can be accessed as custom event properties.
D. Reference Table lookup values are automatically used whenever a saved search is run.
Which kind of information do log sources provide?
A. User login actions
B. Operating system updates
C. Flows generated by users
D. Router configuration exports
Which browser is officially supported for QRadar?
A. Safari version 9.0.3
B. Chromium version 33
C. 32-bit Internet Explorer 9
D. Firefox version 38.0 ESR
A Security Analyst was asked to search for an offense on a specific day. The requester was not sure of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which filters can the Security Analyst use to search for the information requested?
A. Offense ID, Source IP, Username
B. Magnitude, Source IP, Destination IP
C. Description, Destination IP, Host Name
D. Specific Interval, Username, Destination IP
What can be considered a log source type?
A. ICMP
B. SNMP
C. Juniper IDP
D. Microsoft SMBtail
Which approach allows a rule to test for Active Directory (AD) group membership?
A. Import the AD membership information into the Asset Database using AXIS and use an asset rule test
B. Use the built-in LDAP integration to execute a search for each event as it is received by the Event Processor to test for group membership
C. Maintain reference data for the AD group(s) of interest containing lists of usernames and then add rule tests to see if the normalized username is in the reference data
D. Export the AD group membership information to a CSV file and place it in the /store/AD_mapping.csv file on the console, then use the 'is a member of AD group' test in the rule
A Security Analyst, looking at a Log Activity search result, wants to limit the results to one Log Source.
Which right-click method would be the fastest way for the Security Analyst to ensure this?
A. Right click on a Log Source name, then select Filter on Log Source is
B. Right click on a Source IP Address, then select Filter on Log Source is
C. Right click on the Log Source Type name, then select Filter on Log Source Group is
D. Right click on the Log Source Group name, then select Filter on Log Source Group is
Events and Flows both have multiple different timestamps available to them. Which timestamp is available to both events and flows?
A. End Time
B. Storage Time
C. First Activity Time
D. Last Activity Time