Practice C1000-162 Exam Online

Question 1

An analyst wishes to review an event which has a rules test against both event and flow data. What kind of rule is this?

A : Anomaly rules

B : Threshold rules

C : Offense rules

D : Common rules

Answer: A

Question 2

When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?

A : ASSETS

B : PAYLOAD

C : OFFENSES

D : AOL QUERY

E : SAVED SEARCHES

Answer: A,C

Question 3

Which type of rule requires a saved search that must be grouped around a common parameter

A : Flow Rule

B : Event Rule

C : Common Rule

D : Anomaly Rule

Answer: B

Question 4

What is the primary use of viewing the Magnitude metric on the Offenses tab?

A : Determine which events to investigate last.

B : Determine the credibility rating that is configured in the log source.

C : Understand the type of offense we are facing.

D : Identify the importance of the offense in your environment.

Answer: D

Question 5

A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?

A : The full list of AQL databases, functions and fields (properties) is displayed.

B : The full list of AQL tables and relationships from a database is displayed.

C : The full list of AOL functions, fields (properties), and keywords is displayed.

D : The full list of AQL functions, tables, and views from a database is displayed.

Answer: A

Name:	IBM Certified Analyst - Security QRadar SIEM V7.5
Exam Code:	C1000-162
Certification:	IBM Certified Analyst
Vendor:	IBM
Total Questions:	128
Last Updated:	Apr 22, 2024

IBM C1000-162