C2150-195 - IBM Security QRadar V7.0 MR4 Fundamentals
What is an example of a correctly written single character wild card search term using the Quick Filter?
Which column in the log activity displays the coalesced value?
When investigating an offense, what is the best option to gather information about the destination IP addresses within IBM Security QRadar V7.0 MR4?
Analyze the destination IP addresses and look for critical services to determine if they are local or remote
What is required for a custom report to be generated?
A saved search
What is the main difference between a QFlow record versus a netflow capable router or switch?
QFlow and vFlow can capture the communication payload.
How can a user search to show only hosts with vulnerabilities?
Check the Show Only Hosts with Vulnerabilities checkbox
Which item in the IBM Security QRadar V7.0 MR4 interface provides a context sensitive help page which is available for any page, window, or section?
The question mark in the far right corner
Which high level category is used for IBM Security QRadar V7.0 MR4 internal monitoring?
Approximately how many default reports are included in IBM Security QRadar V7.0 MR4?
By default how often is the information on the Dashboard refreshed?
Every 60 seconds
Which two fields are common in the Network Activity and Log Activities tabs? (Choose two.)
When investigating an offense, how can a user gather information about the source IP address within IBM Security QRadar V7.0 MR4?
Mouse over the source IP address
How can a user cancel a running report in IBM Security QRadar V7.0 MR4?
A running report cannot be canceled
How does IBM Security QRadar V7.0 MR4 (QRadar) use the information from vulnerability scanners?
The information can be used to determine if an asset is vulnerable to an exploit.
What is the most likely issue with creating a custom property with a bad regex?
It slows down the event parsing when events are processed.
Which four fields are used when importing assets from a CSV file?
IP, Name, Weight, Description
A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked?
What are vulnerability scanners?
They are automated processes that periodically check computers for known vulnerabilities.
How can a user display Raw events?
Display drop-down > Raw Events
Which statement is most accurate regarding the information that NetFlow provides?
The start time and duration of the conversation, the source and destination IP address, the IP port number the data was sent to and received over, and the total bytes transferred.
Which flow direction would a user specify in order to see flows that are solely related to traffic that originates from the internal networks to external networks?
For any Dashboard workspace, which two methods can be used to zoom into any of the spikes in traffic? (Choose two.)
Double left-click on the peak of the spike
Hold the Shift key, left-click the mouse, drag to the right past the spike, and release the mouse button
Where would a user set a searched view as the default view?
Under Save Criteria
The remote directory field can be left blank for which protocol?
Where are QID values displayed?
In the Additional Information section of the event
Which search property is required for a user to create a Time Series chart?
Have a saved search with a Grouped By option enabled
What is used to parse an event (log record) in IBM Security QRadar V7.0 MR4?
What is the Identity Information section used for?
To show the user information relative to an event
What are two instances when IBM Security QRadar V7.0 MR4 performs a magnitude re-evaluation for an offense? (Choose two.)
At scheduled intervals
When each event or flow is added
Which protocol can be used to send reports?
Where would a user look to see the entire payload of an event?
The Payload Information section
Which regex should be used to capture only the domain name blackbox.computer for all future machine names based on this example? 'Computer=389.blackbox.computer'
Computer=.*?\.(.*?)\s
How can a user pause live streaming events?
Select the Pause icon
A user is complaining of slow traffic on a specific network segment. An administrator is investigating the source of the congestion using the IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. The administrator has drilled down into the details of a traffic spike and is now on the Details tab. What information is shown when double-clicking on the top application in the list?
A list of flows sorted by time for the selected application
If an IBM Security QRadar V7.0 MR4 operator wants to make the log data view/search available as a Dashboard item, what specifically must be done with the saved log search?
The search must be grouped around a parameter such as Source IP, Destination IP, etc.
Which option must be selected to view the results of previously run searches from the Log Activity tab?
Manage Search Results
How can a user quickly add a filter?
Click the Add Filter menu icon
A flow is always based on what?
Unicast, multicast, and anycast traffic
How is the real time streaming of payloads for events viewed?
Display drop-down > Raw Events
How can the time zone be changed for an existing report?
Modify the template, under Chart Type select Define > select Time Zone
Using the regex '*(RecordNumber)=(.*?)\s', which capture group should be used to capture the digits?
If an IBM Security QRadar V7.0 MR4 operator wants to detect a specific data string in the flow content, which search parameter should be used as a filter?
Source Payload Contains
When working with rules, why do some rules specify QID values and some specify events?
QID values are more precise; multiple QIDmap entries can map to the same event name.
What are two IT Security Frameworks? (Choose two.)
What two tasks can be performed from the Assets tab? (Choose two.)
Manually add asset profiles
Search assets that match specific attributes
What effect does the Offense Retention period have on closed offenses and who can modify this period?
The Offense Retention period determines how long a closed offense will be kept in the database before it is deleted. The only person who can modify this period is an IBM Security QRadar V7.0 MR4 (QRadar) admin.
A flow is a sequence of packets that have which common characteristics?
Same source and destination IP address and transport layer port information
If a user wants to assign an incident to a particular user, which drop-down list would they select inside the Offense interface?
Given the IBM Security Framework, IBM Security QRadar V7.0 MR4 fits into which two security domains? (Choose two.)
Infrastructure, Network, or Endpoint
IT Security/Compliance Analytics and Reporting
Which two components are only part of the IBM Security QRadar V7.0 MR4 (QRadar) SIEM and cannot be found in the QRadar Log Management? (Choose two.)