Question 1

After conducting a thorough analysis, it was discovered that the traffic generated by an attacker targeting one system through many unique events in different categories is legitimate and should not be classified as an offense. Which tuning methodology guideline can be used to tune out this traffic?

Options :

A : Edit the Log Source Management app to tune the category

B : Edit the buildingblocks byusingtheCustomRulesEditor to tune the category

C : Edit the buildingblocks byusingtheCustomRulesEditor to tune the specific event

D : Edit the buildingblocks byusingtheCustomRulesEditor to tune the destinationIP address

Answer: C

Question 2

Which type of rule requires a saved search that must be grouped around a common parameter

Options :

A : Flow Rule

B : Event Rule

C : Common Rule

D : Anomaly Rule

Answer: B

Question 3

An analyst wishes to review an event which has a rules test against both event and flow data. What kind of rule is this?

Options :

A : Anomaly rules

B : Threshold rules

C : Offense rules

D : Common rules

Answer: A

Question 4

Which parameters are used to calculate the magnitude rating of an offense?

Options :

A : Relevance, credibility, time

B : Severity, relevance, credibility

C : Relevance, urgency, credibility

D : Severity, impact, urgency

Answer: B

Question 5

When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?

Options :

A : ASSETS

B : PAYLOAD

C : OFFENSES

D : AOL QUERY

E : SAVED SEARCHES

Answer: A,C

Free C1000-162 Mock Exam – Practice Online Confidently

Buying Options: