Question 1

How does a QRadar analyst get to more information about a MITRE entry in the Use Case Manager?

Options :

A : Hover over the entry and read the tooltip

B : Highlight the entry and click the help button

C : Click the Tactic’s Explore icon to reveal and open the MITRE web page

D : Use the Threat Intelligence app

Answer: C

Question 2

An analyst wishes to review an event which has a rules test against both event and flow data. What kind of rule is this?

Options :

A : Anomaly rules

B : Threshold rules

C : Offense rules

D : Common rules

Answer: A

Question 3

Which QRadar component provides the user interface that delivers real-time flow views?

Options :

A : QRadar Viewer

B : QRadar Console

C : QRadar Flow Collector

D : QRadar Flow Processor

Answer: B

Question 4

A QRadar analyst develops an advanced search on the Log Activity tab and presses the shortcut "Ctrl + Space" in the search field. What information is displayed?

Options :

A : The full list of AQL databases, functions and fields (properties) is displayed.

B : The full list of AQL tables and relationships from a database is displayed.

C : The full list of AOL functions, fields (properties), and keywords is displayed.

D : The full list of AQL functions, tables, and views from a database is displayed.

Answer: A

Question 5

What is the primary use of viewing the Magnitude metric on the Offenses tab?

Options :

A : Determine which events to investigate last.

B : Determine the credibility rating that is configured in the log source.

C : Understand the type of offense we are facing.

D : Identify the importance of the offense in your environment.

Answer: D

Free C1000-162 Mock Exam – Practice Online Confidently

Buying Options: