Free IBM Certification Security QRadar, Associate Analyst Question and Answers

Question 1

What distinguishes a flow from an incident most significantly?

Accepted Answer

Events occur at a moment in time while flows have a duration.

Answer

Flows only contribute to local correlated rules, while events are global.

Answer

Events allow for the creation of custom properties, but flows cannot.

Answer

Events can be forwarded to another destination, but flows cannot.

Question 2

Which QRadar rule is capable of identifying a probable data loss?

Accepted Answer

Apply Potential data loss on flows which are detected by the local system and when the source bytes is greater than 200000 and when at least 5 flows are seen with the same Source IP, Destination Port Destination IP in 12 minutes

Answer

Apply Potential data loss on events which are detected by the local system and when the event category for the event is one of the following Authentication and when any of Username are contained in any of Terminated_User

Answer

Apply Potential data loss on flows which are detected by the local system and when at least 1000 flows are seen with the same Destination IP and different source in 2 minutes

Answer

Apply Potential data loss on event of flows which are detected by the local system and when any IP is part of any of the following XForce premium Premium_Malware

Question 3

Which fundamental building blocks does the Report Wizard use to assist in producing a report?

Accepted Answer

Layout, Container, Content

Answer

Pagination Option, Orientation, Date

Answer

Report Classification, Time, Date

Answer

Container, Orientation, Layout

Question 4

What kinds of information are provided by log sources?

Accepted Answer

User login actions

Answer

Router configuration exports.

Answer

Flows generated by users

Answer

Operating system updates

Question 5

What list solely contains Rule Actions?

Accepted Answer

Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.

Answer

Modify Severity; Send to Forwarding Destinations; Drop the Detected Event; Ensure the detected event is part of an offense.

Answer

Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.

Answer

Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.

Question 6

Where can you find events connected to a certain crime?

Accepted Answer

Offense Summary Page and List of Events window

Answer

Under Log Activity, search for Events associated with an Offense

Answer

Offenses Tab and Event List window

Answer

Dashboard and List of Events window

Question 7

What different timestamps are connected to a flow?

Accepted Answer

First Packet Time, Storage Time, Last Packet Time

Answer

First Packet Time, Storage Time, Log Source Time, End Time

Answer

First Packet Time, Log Source Time, Last Packet Time

Answer

First Packet Time, Storage Time, Log Source Time

Question 8

What does an event with a Low Level Category of Unknown on an existing log in QRadar mean?

Accepted Answer

That the event was parsed, but not mapped to an existing QRadar category

Answer

That event was from a device that is not supported by QRadar

Answer

That event arrived out of order from the original device

Answer

That event could not be parsed

Question 9

What role does the Device Support Module (DSM) perform in QRadar?

Accepted Answer

Parses event information for SIEM products received from external sources

Answer

Provides Vendor specific configuration information

Answer

Unites data received from logs

Answer

Scans log information based on a set of rules to output offenses

Question 10

Which QRadar component enables more data to be left uncompressed, hence speeding up the search speed during a deployment?

Accepted Answer

QRadar Data Node

Answer

Qradar Event Processor

Answer

QRadar Event Collector

Answer

QRadar Flow Processor