000-195 - IBM Security QRadar V7.0 MR4
How can a user search to show only hosts with vulnerabilities?
Check the Show Only Hosts with Vulnerabilities checkbox
Which protocol can be used to send reports?
What is an Offense Type?
The index option chosen in the rule that created the offense
Which two pages or tabs are added to the IBM Security QRadar V7.0 MR4 (QRadar) Log Management product after it has been upgraded to QRadar SIEM? (Choose two.)
The remote directory field can be left blank for which protocol?
In the All Offenses dialog box, which column are the offenses sorted by default?
What are two examples of an exact search phrase for finding Firewall deny events using the Quick Filter? (Choose two.)
Firewall + deny
What is the Identity Information section used for?
To show the user information relative to an event
What action must be taken to view reports related to PCI specifically?
Click on the Group drop-down menu and select the category.
What is an example of a correctly written single character wild card search term using the Quick Filter?
By default how often is the information on the Dashboard refreshed?
Every 60 seconds
How can a user cancel a running report in IBM Security QRadar V7.0 MR4?
A running report cannot be canceled
How many default dashboards are included in IBM Security QRadar V7.0 MR4?
What are two instances when IBM Security QRadar V7.0 MR4 performs a magnitude re-evaluation for an offense? (Choose two.)
At scheduled intervals
When each event or flow is added
Which steps are required to see hidden offenses in IBM Security QRadar V7.0 MR4 (QRadar)?
From the Offenses page, navigate to All Offenses and open the Search menu. Select Edit Search and, in the Search Parameters section, uncheck the Exclude Hidden Offenses box.
When investigating an offense, what is the best option to gather information about the destination IP addresses within IBM Security QRadar V7.0 MR4?
Analyze the destination IP addresses and look for critical services to determine if they are local or remote
If a user wants to search for Windows user login failures, which high/low level category should be used?
Authentication/User Login Failure
What is the difference between a report and a search in IBM Security QRadar V7.0 MR4?
A report is a document that represents the output of searches. Results of multiple searches can be integrated into a single report.
Which event search group contains default PCI searches?
Which statement about log source identifiers is true for the same log source identifier to be used more than once?
It must be unique amongst log sources of the same type
How is the real time streaming of payloads for events viewed?
Display drop-down > Raw Events
Which item in the IBM Security QRadar V7.0 MR4 interface provides a context sensitive help page which is available for any page, window, or section?
The question mark in the far right corner
A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked?
What effect does the Offense Retention period have on closed offenses and who can modify this period?
The Offense Retention period determines how long a closed offense will be kept in the database before it is deleted. The only person who can modify this period is an IBM Security QRadar V7.0 MR4 (QRadar) admin.
What two tasks can be performed from the Assets tab? (Choose two.)
Manually add asset profiles
Search assets that match specific attributes
Which option must be selected to view the results of previously run searches from the Log Activity tab?
Manage Search Results
How does IBM Security QRadar V7.0 MR4 (QRadar) use the information from vulnerability scanners?
The information can be used to determine if an asset is vulnerable to an exploit.
Using the regex * (RecordNumber) = (.*?)\s', which capture group should be used to capture the digits?
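The capture-group numbering the question asks about is easiest to see by running the pattern. The following is an added example, not part of the original page or of IBM's product code: it reconstructs the pattern as `(RecordNumber)=(.*?)\s` (an assumption, since the page's copy is garbled), runs it over a constructed Windows-style payload, and shows that group 1 is the literal field name while group 2 holds the digits. It also shows the practitioner's caveat: the lazy `(.*?)\s` only matches when whitespace follows the value, so a field at the very end of a payload is missed, and a `\d+` group is the safer choice for a numeric property.

```python
import re

# Constructed sample payload (not from the original page): a Windows-style
# event text in which RecordNumber is followed by another field.
SAMPLE_PAYLOAD = (
    "LogName=Security SourceName=Microsoft-Windows-Security-Auditing "
    "EventCode=4625 RecordNumber=1048576 Keywords=Audit Failure"
)

# Assumed reconstruction of the question's regex: group 1 is the literal
# field name, group 2 lazily captures up to the next whitespace character.
LAZY_RE = re.compile(r"(RecordNumber)=(.*?)\s")

# Safer alternative for a numeric property: requires digits and does not
# depend on trailing whitespace being present.
STRICT_RE = re.compile(r"(RecordNumber)=(\d+)")


def capture_groups(payload, pattern=LAZY_RE):
    """Return {group_index: matched_text} for the first match, or None."""
    m = pattern.search(payload)
    if not m:
        return None
    return {i: m.group(i) for i in range(1, pattern.groups + 1)}


def record_number(payload):
    """Extract RecordNumber with the lazy pattern, using capture group 2."""
    groups = capture_groups(payload, LAZY_RE)
    if groups is None or not groups[2].isdigit():
        return None
    return int(groups[2])


def record_number_strict(payload):
    """Extract RecordNumber with the \\d+ pattern, using capture group 2."""
    groups = capture_groups(payload, STRICT_RE)
    if groups is None:
        return None
    return int(groups[2])


if __name__ == "__main__":
    print(capture_groups(SAMPLE_PAYLOAD))      # group 1 = name, group 2 = digits
    print(record_number(SAMPLE_PAYLOAD))
    # Field at end of payload: lazy pattern needs trailing whitespace and fails,
    # the strict pattern still extracts the value.
    print(record_number("EventCode=4624 RecordNumber=42"))
    print(record_number_strict("EventCode=4624 RecordNumber=42"))
```

When defining a custom event property from a regex like this, the group to select is the one that encloses the value (group 2 here), not the one that matches the field name.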
When working with rules, why do some rules specify QID values and some specify events?
QID values are more precise; multiple QID map entries can map to the same event name.
Where are QID values displayed?
In the Additional Information section of the event
Which flow source is most often sampled?
How does a user search for events by high/low level category?
Add Filter icon > Category drop-down
What are two IT Security Frameworks? (Choose two.)
How would a user navigate to the Help menu in the IBM Security QRadar V7.0 MR4 (QRadar) interface?
Help > QRadar Help Content
What are vulnerability scanners?
They are automated tools that periodically check computers for known vulnerabilities.
Which search property is required for a user to create a Time Series chart?
Have a saved search with a Grouped By option enabled
Which statement is most accurate regarding the information that NetFlow provides?
The start time and duration of the conversation, the source and destination IP addresses, the source and destination port numbers, and the total bytes transferred.
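The fields listed in the answer above are exactly what a NetFlow v5 record carries, with one wrinkle worth seeing in code: the record's First and Last timestamps are milliseconds relative to the exporter's system uptime, so the absolute start time and the duration have to be derived using the header. The following is an added example, not from the original page or from IBM: it builds a constructed NetFlow v5 datagram with two made-up flows (the addresses, ports and counters are sample data) and decodes it with the published v5 header and record layout, checking the version and the record count against the datagram length before trusting either.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire format, network byte order.
# Header: version, count, sys_uptime(ms), unix_secs, unix_nsecs,
#         flow_sequence, engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"                 # 24 bytes
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
#         First, Last, srcport, dstport, pad1, tcp_flags, prot, tos,
#         src_as, dst_as, src_mask, dst_mask, pad2
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"   # 48 bytes
HEADER_SIZE = struct.calcsize(HEADER_FMT)
RECORD_SIZE = struct.calcsize(RECORD_FMT)


def build_sample_packet():
    """Construct one NetFlow v5 export carrying two sample flow records."""
    sys_uptime_ms = 600_000        # exporter up for 10 minutes at export time
    unix_secs = 1_700_000_000      # export timestamp (epoch seconds)
    header = struct.pack(HEADER_FMT, 5, 2, sys_uptime_ms, unix_secs, 0, 100, 0, 0, 0)
    records = [
        # 10.0.0.5:51514 -> 192.0.2.10:443, TCP, 1.2 MB over 90 s
        (IPv4Address("10.0.0.5").packed, IPv4Address("192.0.2.10").packed, bytes(4),
         1, 2, 900, 1_200_000, 500_000, 590_000, 51514, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0),
        # 10.0.0.5:40000 -> 10.0.0.53:53, UDP, 180 bytes over 20 ms
        (IPv4Address("10.0.0.5").packed, IPv4Address("10.0.0.53").packed, bytes(4),
         1, 2, 2, 180, 550_000, 550_020, 40000, 53, 0, 0, 17, 0, 0, 0, 24, 24, 0),
    ]
    return header + b"".join(struct.pack(RECORD_FMT, *r) for r in records)


def parse_netflow_v5(packet):
    """Decode a NetFlow v5 datagram into a list of flow dicts."""
    if len(packet) < HEADER_SIZE:
        raise ValueError("truncated NetFlow header")
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     _seq, _etype, _eid, sampling) = struct.unpack(HEADER_FMT, packet[:HEADER_SIZE])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(packet) < HEADER_SIZE + count * RECORD_SIZE:
        raise ValueError("datagram shorter than its record count implies")
    # First/Last are sysuptime-relative ms; recover the exporter's boot time
    # from the header so flows get absolute epoch start times.
    boot_epoch = unix_secs + unix_nsecs / 1e9 - sys_uptime / 1000.0
    flows = []
    for i in range(count):
        off = HEADER_SIZE + i * RECORD_SIZE
        (src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport,
         _pad, flags, proto, _tos, *_rest) = struct.unpack(RECORD_FMT, packet[off:off + RECORD_SIZE])
        flows.append({
            "src": str(IPv4Address(src)),
            "dst": str(IPv4Address(dst)),
            "src_port": sport,
            "dst_port": dport,
            "protocol": proto,
            "tcp_flags": flags,
            "packets": pkts,
            "bytes": octets,
            "start_epoch": round(boot_epoch + first / 1000.0, 3),
            "duration_s": round((last - first) / 1000.0, 3),
            # low 14 bits of the header field; 0 means the exporter did not sample
            "sampling_interval": sampling & 0x3FFF,
        })
    return flows


if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample_packet()):
        print(flow)
```

The length check matters in practice: a collector that trusts the count field on a truncated datagram will either raise on the last record or, with a sloppier slice, silently produce a flow built from too few bytes.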
How can a user quickly add a filter?
Click the Add Filter menu icon
A flow is always based on what?
Unicast, multicast, and anycast traffic
Using Quick Filter, what is a correct search term to find Blocked related activities in the payload?
Offenses can be exported to which two file formats? (Choose two.)
Why is coalescing important to a non-admin user?
It makes events easier to read in the Log Activity screen.
How can a user quickly reload the default filter in their current tab?
Double-click the Tab button
Which column in the log activity displays the coalesced value?
Given the IBM Security Framework, IBM Security QRadar V7.0 MR4 fits into which two security domains? (Choose two.)
Infrastructure, Network, or Endpoint
IT Security/Compliance Analytics and Reporting
What must be done in order to save a search criteria as a quick search?
Select Save Criteria and select Include in my Quick Searches
How can a report be set up with restricted user access?
In the Report wizard, select the users who are allowed to access the report
How can a user clear all filters and return to the default search in the Log Activity user interface?
Double-click the Log Activity tab
Which search parameter in the Log Activity tab must be used to filter events by activity (e.g. SSH Login Succeeded)?
What is the rule for using the Quick Filter to group terms using logical expressions such as AND, OR, and NOT?
The syntax is case sensitive and the operators must be upper case to be recognized as logical expressions and not as search terms.