000-195 - IBM Security QRadar V7.0 MR4

Example Questions

How can a user search to show only hosts with vulnerabilities?
Which protocol can be used to send reports?
What is an Offense Type?
Which two pages or tabs are added to the IBM Security QRadar V7.0 MR4 (QRadar) Log Management product after it has been upgraded to QRadar SIEM? (Choose two.)
The remote directory field can be left blank for which protocol?
In the All Offenses dialog box, which column are the offenses sorted by default?
What are two examples of an exact search phrase for finding Firewall deny events using the Quick Filter? (Choose two.)
What is the Identity Information section used for?
What action must be taken to view reports related to PCI specifically?
What is an example of a correctly written single character wild card search term using the Quick Filter?
By default how often is the information on the Dashboard refreshed?
How can a user cancel a running report in IBM Security QRadar V7.0 MR4?
How many default dashboards are included in IBM Security QRadar V7.0 MR4?
What are two instances when IBM Security QRadar V7.0 MR4 performs a magnitude re-evaluation for an offense? (Choose two.)
Which steps are required to see hidden offenses in IBM Security QRadar V7.0 MR4 (QRadar)?
When investigating an offense, what is the best option to gather information about the destination IP addresses within IBM Security QRadar V7.0 MR4?
If a user wants to search for Windows user login failures, which high/low level category should be used?
What is the difference between a report and a search in IBM Security QRadar V7.0 MR4?
Which event search group contains default PCI searches?
Which statement about log source identifiers is true for the same log source identifier to be used more than once?
How is the real time streaming of payloads for events viewed?
Which item in the IBM Security QRadar V7.0 MR4 interface provides a context sensitive help page which is available for any page, window, or section?
A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked?
What effect does the Offense Retention period have on closed offenses and who can modify this period?
What two tasks can be performed from the Assets tab? (Choose two.)
Which option must be selected to view the results of previously run searches from the Log Activity tab?
How does IBM Security QRadar V7.0 MR4 (QRadar) use the information from vulnerability scanners?
Using the regex * (RecordNumber) = (. *?)\s', which capture group should be used to capture the digits?
When working with rules, why do some rules specify QID values and some specify events?
Where are QID values displayed?
Which flow source is most often sampled?
How does a user search for events by high/low level category?
What are two IT Security Frameworks? (Choose two.)
How would a user navigate to the Help menu in the IBM Security QRadar V7.0 MR4 (QRadar) interface?
What are vulnerability scanners?
Which search property is required for a user to create a Time Series chart?
Which statement is most accurate regarding the information that NetFlow provides?
How can a user quickly add a filter?
A flow is always based on what?
Using Quick Filter, what is a correct search term to find Blocked related activities in the payload?
Offenses can be exported to which two file formats? (Choose two.)
Why is coalescing important to a non-admin user?
How can a user quickly reload the default filter in their current tab?
Which column in the log activity displays the coalesced value?
Given the IBM Security Framework, IBM Security QRadar V7.0 MR4 fits into which two security domains? (Choose two.)
What must be done in order to save a search criteria as a quick search?
How can a report be set up with restricted user access?
How can a user clear all filters and return to the default search in the Log Activity user interface?
Which search parameter in the Log Activity tab must be used to filter events by activity (e.g. SSH Login Succeeded)?
What is the rule for using the Quick Filter to group terms using logical expressions such as AND, OR, and NOT?