Practice C1000-139 Exam Online

Question 1

An analyst reviewed an active offense that was many attackers, generating many events in the same category, targeting many systems. Upon further analysis, the analyst determined that the traffic from the attackers is legitimate and should not contribute to the offenses. Which tuning methodology guideline can the analyst use to tune out this traffic?

A : Edit building blocks by using the Custom Rules Editor to tune the category.

B : Use the Log Source Management app to tune the category.

C : Use the False Positive Wizard to tune the specific event.

D : Edit the building blocks by using the Custom Rules Editor to tune the specific event.

Answer: A

Question 2

Which are stored events?

A : All events in QRadar

B : Events which cannot be coalesced

C : Events that cannot be understood or parsed by QRadar

D :

Events that do not have the storage time in the payload

Answer: C

Question 3

An analyst had been researching an Offense that has now disappeared from the active Offense list. What is the period of time that has to pass before an active Offense that receives no new contributing events or flows become inactive?

A : 5 days

B : 3 days

C : 24 hours

D : 1 hour

Answer: A

Question 4

A QRadar analyst was asked to provide a selection of events for further investigation by somebody who does not have access to the QRadar system. Which of these approaches provides an accurate copy of the required data in a readable format?

A : By using the Advanced Search option in the Log Activity tab, run an AQL command: COPY(SELECT * FROM events LAST 2 HOURS) TO 'output_events.csv' WITH CSV.

B : Log in to the Command Line Interface and use the ACP tool (/opt/qradar/bin/runjava.sh com.q1labs.ariel.io.ACP) with the necessary AQL filters and destination directory.

C : By using the "Event Export (with AQL)" option in the Log Activity tab, test your query with the Test button. Then, to run the export, click Export to CSV.

D : By using the Log Activity tab, filter the events until only those that you require are shown. Then, from the Actions list, select Export to CSV > Full Export (All Columns) to download a ZIP file.

E : L

Answer: D

Question 5

What is a difference between a flow and an event?

A :

An event occur at a moment in time while flows have a duration from the flow source.

B : A flow is a record from a log source, such as a firewall or router device, that describes an action on a network. An event analysis provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

C : A flow occurs at a moment in time while events have a duration from a log source.

D : An event is a record from a log source, such as a firewall or router device, that describes an action on a network. A flow record provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

Answer: D

Name:	IBM Security QRadar SIEM V7.4.3 Analysis
Exam Code:	C1000-139
Certification:	IBM Certified Deployment Professional
Vendor:	IBM
Total Questions:	100
Last Updated:	Apr 25, 2024

IBM C1000-139