Which filter would an analyst apply in the Log Activity tab to get a list of log sources not reporting to QRadar?
A. Custom rule equals device stopped sending events
B. Log source status does not equal error
C. Log source status does not equal active
D. Log source type does not equal active
Correct answer: C
Question 2:
Which QRadar component stores Offenses?
A. Console
B. Data Node
C. Event Processor
D. Event Collector
Correct answer: B
Explanation: (only shown to Pass4Test members)
Question 3:
An analyst aims to improve the detection capabilities on all the Offense rules. QRadar SIEM has a tool that allows the analyst to update all the Building Blocks related to Host and Port Definition in a single page.
How is this accomplished?
A. Assets -> Server Discovery
B. Assets -> Asset Profiles
C. Admin -> Asset Profile Configuration
D. Admin -> Reference Set management
Correct answer: A
Question 4:
From which tab in QRadar SIEM can an analyst search vulnerability data and remediate vulnerabilities?
A. Assets
B. Log Activity
C. Admin
D. Dashboard
Correct answer: A
Explanation: (only shown to Pass4Test members)
Question 5:
There are 5 authentication servers that report to different Event Processors. There is a requirement to generate an Offense if there are 5 consecutive failed logins detected across any of the 5 Event Processors.
Which type of rule should the analyst create?
A. Local Rule
B. Offense Rule
C. Persistent Rule
D. Global Rule
Correct answer: D
Explanation: (only shown to Pass4Test members)
Question 6:
An analyst has been assigned a task to modify a rule so that the Source IP of an Offense triggered by this rule is stored in a Reference Set.
Under which section of the rule wizard can the analyst achieve this?
A. Rule Response Limiter
B. Rule Response
C. Rule Test Stack Editor
D. Rule Action
Correct answer: C
Question 7:
An analyst has been assigned a number of Offenses to review and manage.
While reviewing an inactive Offense, a new event occurs.
Which statement applies to the Offense?
A. The event is added to the Offense and the status is changed to Dormant.
B. The event is added to the Offense and the status is changed to Active.
C. The event is added in a new Offense that is created.
D. The rule that created the Offense is temporarily halted.
Correct answer: A
Question 8:
What is a valid offense naming mechanism?
This information should:
A. replace the naming of the associated offense(s).
B. set the naming of the associated offense(s).
C. be included in the naming of the associated offense(s).
D. set or replace the naming of the associated offense(s).
Correct answer: B
Explanation: (only shown to Pass4Test members)
Kikuchi -
I just memorized everything in the C1000-018 question set, which covers most of the exam scope, took the exam, and passed straight away.