Practice C1000-139 Exam Online

Question 1

An analyst had been researching an Offense that has now disappeared from the active Offense list. What is the period of time that has to pass before an active Offense that receives no new contributing events or flows become inactive?

A : 5 days

B : 3 days

C : 24 hours

D : 1 hour

Answer: A

Question 2

What is the procedure to re-open a closed Offense?

A : A closed Offense cannot be re-opened.

B : Wait for new events/flows that will re-open the closed Offense.

C : Activate the Offense in the action/re-open drop down menu of the Offense tab.

D : Activate the Offense in action/re-open drop down menu in the Admin tab.

Answer: A

Question 3

If a security analyst needs to filter Events according to when they occurred, which parameter should be used?

A : Start Date

B : Start Time

C : Storage Time

D : Log Source Time

Answer: D

Question 4

A QRadar analyst was asked to provide a selection of events for further investigation by somebody who does not have access to the QRadar system. Which of these approaches provides an accurate copy of the required data in a readable format?

A : By using the Advanced Search option in the Log Activity tab, run an AQL command: COPY(SELECT * FROM events LAST 2 HOURS) TO 'output_events.csv' WITH CSV.

B : Log in to the Command Line Interface and use the ACP tool (/opt/qradar/bin/runjava.sh com.q1labs.ariel.io.ACP) with the necessary AQL filters and destination directory.

C : By using the "Event Export (with AQL)" option in the Log Activity tab, test your query with the Test button. Then, to run the export, click Export to CSV.

D : By using the Log Activity tab, filter the events until only those that you require are shown. Then, from the Actions list, select Export to CSV > Full Export (All Columns) to download a ZIP file.

E : L

Answer: D

Question 5

An analyst needs to investigate an Offense and navigates to the attached rule(s). Where in the rule details would the analyst investigate the reason for why the rule was triggered?

A : Rule response limiter

B : List of test conditions

C : Rule actions

D : Rule responses

Answer: B

Name:	IBM Security QRadar SIEM V7.4.3 Analysis
Exam Code:	C1000-139
Certification:	IBM Certified Deployment Professional
Vendor:	IBM
Total Questions:	100
Last Updated:	Apr 25, 2024

IBM C1000-139