Day 4 Quiz - Attempt Review
Question 1
Incorrect
The correct answer is: Importing users and having a data set for grouping metrics.
Question 2
Correct
In the Offense Summary page, which field indicates if an attack was sudden or if the attack occurred over a long period of time?
a. Attack Length
b. Total Time
c. Duration
d. Offense Period
https://150.239.57.231:8080/mod/quiz/review.php?attempt=509&cmid=107 1/8
11:06 11/08/2023 Day 4 Quiz: Attempt review
Question 3
Incorrect
The correct answer is: The index option chosen in the rule that created the offense
Question 4
Correct
What is the name for the relationship between asset updates and the corresponding asset in the asset database?
a. Asset merging
b. Asset reconciliation
c. Asset identifier
d. Asset update process
Question 5
Correct
The correct answer is: A problem was encountered during the model-building phase.
Question 6
Correct
In the All Offenses dialog box, by which column are the offenses sorted by default?
a. Description
b. Magnitude
c. Offense Type
d. Start Date
Question 7
Correct
What is the minimum required size to install Machine Learning (ML) in an app?
a. 4GB
b. 1GB
c. 2GB
d. 3GB
Question 8
Correct
a. HTML
b. CSV
c. XML
d. PDF
e. RTF
Question 9
Incorrect
Question 10
Correct
A client's QRadar console reported an asset growth deviation. You discover that the client mistakenly customized a central log server's log source extension to include the server's DNS hostname instead of the host names of the multiple assets that many users log in to. What effect does this customization have on the QRadar asset database?
a. Too many assets are added with one single DNS name
b. A single asset is added with multiple usernames and IPs
c. The "AssetExclusion: Exclude MAC Address By IP" rule is triggered
d. The hostname of all assets is changed to "Unknown"
The correct answer is: A single asset is added with multiple usernames and IPs
Question 11
Correct
During a PoC, a seller notices that the User Behavior Analytics app marks about 80% of monitored users as high-risk users. How do you tune the UBA settings so that only users with risk scores of more than 100 points are considered high-risk users?
Question 12
Incorrect
A client is concerned about facing insider threats from disgruntled employees who might react to an upcoming company reorganization. Which QRadar SIEM solution can help you deliver this PoC use case?
a. Install the Threat Intelligence (TI) app and enable IPS logs.
b. Install the Threat Intelligence (TI) app and enable network flows.
c. Install the UBA app and enable web proxy logs.
d. Install the UBA app and enable the firewall and DNS logs.
The correct answer is: Install the UBA app and enable web proxy logs.
Question 13
Correct
When prioritising offenses to investigate, what metric is provided on the Offenses tab specifically to help influence which offenses to investigate first?
a. Severity
b. Credibility
c. Relevance
d. Magnitude
Question 14
Correct
The correct answer is: Offense Summary window > click Events from Event/Flow count column
Question 15
Correct
An organization wants QRadar to have rules, dashboards, and reports to detect and report on cryptocurrency mining activity. What can be installed in QRadar to meet this requirement?
The correct answer is: Content extension from IBM Security App Exchange
Question 16
Correct
a. Credibility
b. Relevance
c. Impact
d. Severity
Question 17
Correct
For a Source IP based offense, which field helps determine relative importance of the targets to the business?
Question 18
Incorrect
How can user data be imported into the UBA (User Behaviour Analytics) platform?
Question 19
Correct
What can an analyst use in QRadar to quickly find information about IP addresses and URLs while analyzing an offense or event?
The correct answer is: Use the X-Force Exchange lookup plugin.
Question 20
Incorrect
Which steps are required to see hidden offenses in IBM Security QRadar?
a. Hidden Offenses are no longer associated with Offenses so a custom report and a search should be created that uses a search parameter where Associated with Offense equals False. To create a custom report, navigate to Reports and from the Actions menu select Create.
b. From the Offenses page, navigate to All Offenses and open the Search menu.
c. Contact the QRadar administrator to select Hidden Offenses and then choose the Show option from the Action menu.
d. Select Edit Search and in the Search Parameters section, uncheck the box Exclude Hidden Offenses.
e. From the Offenses page, navigate to the Offenses by Category, and click on Show Inactive Categories to display all hidden offenses. Click Hide Inactive Categories to hide them again.
The correct answer is: From the Offenses page, navigate to All Offenses and open the Search menu.