C2150-195 - IBM Security QRadar V7.0 MR4 Fundamentals

Example Questions

What is an example of a correctly written single character wild card search term using the Quick Filter?
Which column in the log activity displays the coalesced value?
When investigating an offense, what is the best option to gather information about the destination IP addresses within IBM Security QRadar V7.0 MR4?
What is required for a custom report to be generated?
What is the main difference between a QFlow record versus a netflow capable router or switch?
How can a user search to show only hosts with vulnerabilities?
Which item in the IBM Security QRadar V7.0 MR4 interface provides a context sensitive help page which is available for any page, window, or section?
Which high level category is used for IBM Security QRadar V7.0 MR4 internal monitoring?
Approximately how many default reports are included in IBM Security QRadar V7.0 MR4?
By default, how often is the information on the Dashboard refreshed?
Which two fields are common in the Network Activity and Log Activity tabs? (Choose two.)
When investigating an offense, how can a user gather information about the source IP address within IBM Security QRadar V7.0 MR4?
How can a user cancel a running report in IBM Security QRadar V7.0 MR4?
How does IBM Security QRadar V7.0 MR4 (QRadar) use the information from vulnerability scanners?
What is the most likely issue with creating a custom property with a bad regex?
Which four fields are used when importing assets from a CSV file?
A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked?
What are vulnerability scanners?
How can a user display Raw events?
Which statement is most accurate regarding the information that NetFlow provides?
Which flow direction would a user specify in order to see flows that are solely related to traffic that originates from the internal networks to external networks?
For any Dashboard workspace, which two methods can be used to zoom into any of the spikes in traffic? (Choose two.)
Where would a user set a searched view as the default view?
The remote directory field can be left blank for which protocol?
Where are QID values displayed?
Which search property is required for a user to create a Time Series chart?
What is used to parse an event (log record) in IBM Security QRadar V7.0 MR4?
What is the Identity Information section used for?
What are two instances when IBM Security QRadar V7.0 MR4 performs a magnitude re-evaluation for an offense? (Choose two.)
Which protocol can be used to send reports?
Where would a user look to see the entire payload of an event?
Which regex should be used to capture only the domain name blackbox.computer for all future machine names based on this example? 'Computer=3 8 9.blackbox.computer'
How can a user pause live streaming events?
A user is complaining of slow traffic on a specific network segment. An administrator is investigating the source of the congestion using the IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. The administrator has drilled down into the details of a traffic spike and is now on the Details tab. What information is shown when double-clicking on the top application in the list?
If an IBM Security QRadar V7.0 MR4 operator wants to make the log data view/search available as a Dashboard item, what specifically must be done with the saved log search?
Which option must be selected to view the results of previously run searches from the Log Activity tab?
How can a user quickly add a filter?
A flow is always based on what?
How is the real time streaming of payloads for events viewed?
How can the time zone be changed for an existing report?
Using the regex '(RecordNumber) = (.*?)\s', which capture group should be used to capture the digits?
If an IBM Security QRadar V7.0 MR4 operator wants to detect a specific data string in the flow content, which search parameter should be used as a filter?
When working with rules, why do some rules specify QID values and some specify events?
What are two IT Security Frameworks? (Choose two.)
What two tasks can be performed from the Assets tab? (Choose two.)
What effect does the Offense Retention period have on closed offenses, and who can modify this period?
A flow is a sequence of packets that have which common characteristics?
If a user wants to assign an incident to a particular user, which drop-down list would they select inside the Offense interface?
Given the IBM Security Framework, IBM Security QRadar V7.0 MR4 fits into which two security domains? (Choose two.)
Which two components are only part of the IBM Security QRadar V7.0 MR4 (QRadar) SIEM and cannot be found in the QRadar Log Management? (Choose two.)