QRadar analysts can download different types of content extensions from the IBM X-Force Exchange portal.
Which two (2) types of content extensions are supported by QRadar?
A. Events
B. Flows
C. Offenses
D. FGroup
E. Custom Functions
Correct answer: C,E
Explanation: (visible only to Pass4Test members)
Question 2:
When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?
A. OFFENSES
B. AOL QUERY
C. PAYLOAD
D. SAVED SEARCHES
E. ASSETS
Correct answer: A,E
Explanation: (visible only to Pass4Test members)
Question 3:
New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?
Correct answer:
Question 4:
Which two (2) AQL functions are used for calculations and formatting?
A. GROUP BY
B. START
C. LOWER
D. STRLEN
E. INCIDR
Correct answer: C,D
Explanation: (visible only to Pass4Test members)
Question 5:
What are two characteristics of a SIEM? (Choose two.)
A. Event Normalization & Correlation
B. Log Management
C. System Deployment
D. Enterprise User management
E. Endpoint Software patching
Correct answer: A,B
Question 6:
When an analyst is investigating an offense, what is the property that specifies the device that attempts to breach the security of a component on the network?
A. Destination IP
B. Port
C. Source IP
D. Network
Correct answer: C
Explanation: (visible only to Pass4Test members)
Question 7:
In QRadar, common rules test against what?
A. They test against event and flow data
B. They test against incoming flow data that is processed by the QRadar Flow Processor
C. They test against incoming log source data that is processed by QRadar Event Processor
D. They test the parameters of an offense to trigger more response
Correct answer: C
Explanation: (visible only to Pass4Test members)
池田** -
I bought two question sets, memorized all the questions, took the exams right away, and passed both C1000-162 and C1000-055 without any problem. It was easy to use.