
11:06 11/08/2023 Day 4 Quiz: Attempt review

Started on Thursday, 10 August 2023, 11:36 AM
State Finished
Completed on Thursday, 10 August 2023, 12:00 PM
Time taken 24 mins 3 secs
Grade 14.00 out of 20.00 (70%)

Question 1
Incorrect

Mark 0.00 out of 1.00

What is required to build the "Peer" objective type model?

a. Importing users and having a data set for grouping metrics.
b. Sending events indicating the change in use of the monitored metric.
c. Reporting anomalies in the amount of data for the monitored metric.
d. Tracking the amount of data for the monitored metric.

The correct answer is: Importing users and having a data set for grouping metrics.

Question 2
Correct

Mark 1.00 out of 1.00

In the Offense Summary page, which field indicates if an attack was sudden or if the attack occurred over a long period of time?

a. Attack Length
b. Total Time
c. Duration 
d. Offense Period

The correct answer is: Duration

https://150.239.57.231:8080/mod/quiz/review.php?attempt=509&cmid=107 1/8

Question 3

Incorrect

Mark 0.00 out of 1.00

What is an Offense Type?

a. The destination of the e-mail notification sent
b. The offense response
c. The index option chosen in the rule that created the offense
d. A scoring priority of Set by Event 

The correct answer is: The index option chosen in the rule that created the offense

Question 4
Correct

Mark 1.00 out of 1.00

What is the name for the relationship between asset updates and the corresponding asset in the asset database?

a. Asset merging
b. Asset reconciliation 
c. Asset identifier
d. Asset update process

The correct answer is: Asset reconciliation

Question 5
Correct

Mark 1.00 out of 1.00

What does the yellow warning icon indicate?

a. The model is ingesting data.
b. A problem was encountered during the model-building phase.
c. The model is building.
d. The model is enabled.

The correct answer is: A problem was encountered during the model-building phase.


Question 6

Correct

Mark 1.00 out of 1.00

In the All Offenses dialog box, by which column are the offenses sorted by default?

a. Description
b. Magnitude 
c. Offense Type
d. Start Date

The correct answer is: Magnitude

Question 7
Correct

Mark 1.00 out of 1.00

What is the minimum required size to install Machine Learning (ML) in an app?

a. 4GB
b. 1GB
c. 2GB 
d. 3GB

The correct answer is: 2GB

Question 8
Correct

Mark 1.00 out of 1.00

Offenses can be exported to which two file formats? (Choose two.)

a. HTML
b. CSV 
c. XML 
d. PDF
e. RTF

The correct answers are: XML, CSV


Question 9

Incorrect

Mark 0.00 out of 1.00

Which models use the Time series graph?

a. All of the above
b. Access activity
c. Aggregated activity
d. Authentication activity

The correct answer is: All of the above

Question 10
Correct

Mark 1.00 out of 1.00

A client's QRadar console reported an asset growth deviation. You discover that the client mistakenly customized a central log server's log
source extension to include the server's DNS hostname instead of the host names of the multiple assets that many users log in to. What effect
does this customization have on the QRadar asset database?

a. Too many assets are added with one single DNS name
b. A single asset is added with multiple usernames and IPs 
c. The "AssetExclusion: Exclude MAC Address By IP" rule is triggered
d. The hostname of all assets is changed to "Unknown"

The correct answer is: A single asset is added with multiple usernames and IPs

Question 11
Correct

Mark 1.00 out of 1.00

During a PoC, a seller notices that the User Behavior Analytics app marks about 80% of monitored users as high-risk users. How do you tune
the UBA settings so that only users with risk scores of more than 100 points are considered high-risk users?

a. Add more users to the monitored users list
b. Update the static risk threshold
c. Modify the sense value of the UBA rules that trigger most frequently
d. Increase the decay factor

The correct answer is: Update the static risk threshold


Question 12

Incorrect

Mark 0.00 out of 1.00

A client is concerned about facing insider threats from disgruntled employees who might react to an upcoming company reorganization. Which
QRadar SIEM solution can help you deliver this PoC use case?

a. Install the Threat Intelligence (TI) app and enable IPS logs.
b. Install the Threat Intelligence (TI) app and enable network flows.
c. Install the UBA app and enable web proxy logs.
d. Install the UBA app and enable the firewall and DNS logs. 

The correct answer is: Install the UBA app and enable web proxy logs.

Question 13
Correct

Mark 1.00 out of 1.00

When prioritising offenses to investigate, what metric is provided on the Offenses tab specifically to help influence which offenses to
investigate first?

a. Severity
b. Credibility
c. Relevance
d. Magnitude 

The correct answer is: Magnitude

Question 14
Correct

Mark 1.00 out of 1.00

How are Events that are associated with an offense listed?

a. Offense Summary window > click Display > Destination IPs
b. Offense Summary window > Destination IPs
c. Offense Summary window > click Events from Event/Flow count column 
d. Offense Summary window > click Source IPs

The correct answer is: Offense Summary window > click Events from Event/Flow count column


Question 15

Correct

Mark 1.00 out of 1.00

An organization wants QRadar to have rules, dashboards, and reports to detect and report on cryptocurrency mining activity. What can be
installed in QRadar to meet this requirement?

a. User Behavior Analytics from IBM Security App Exchange
b. Content extension from IBM Security App Exchange
c. Latest autoupdates from IBM Security Fix Central
d. Latest MITRE content from IBM Security Fix Central

The correct answer is: Content extension from IBM Security App Exchange

Question 16
Correct

Mark 1.00 out of 1.00

Which parameter determines the impact of the offense on the network?

a. Credibility
b. Relevance 
c. Impact
d. Severity

The correct answer is: Relevance

Question 17
Correct

Mark 1.00 out of 1.00

For a Source IP based offense, which field helps determine relative importance of the targets to the business?

a. Relative importance of Destination IP(s)
b. Total number of Events
c. Duration of the offense
d. Last Event/Flow

The correct answer is: Relative importance of Destination IP(s)


Question 18

Incorrect

Mark 0.00 out of 1.00

How can user data be imported into the UBA (User Behaviour Analytics) platform?

a. Reference table, Reference set, CSV
b. CSV, Reference table, LDAP
c. Reference Map, Reference table, LDAP
d. Reference table, Reference Map, Reference set 

The correct answer is: CSV, Reference table, LDAP

Question 19
Correct

Mark 1.00 out of 1.00

What can an analyst use in QRadar to quickly find information about IP addresses and URLs while analyzing an offense or event?

a. Use the X-Force Exchange lookup plugin.
b. Copy the IP address or URL and paste it in any external reputation site.
c. Export the Event to CSV and upload it to reputation sites.
d. Verify if the IP address or URL is in any of your reference sets.

The correct answer is: Use the X-Force Exchange lookup plugin.

Question 20
Incorrect

Mark 0.00 out of 1.00

Which steps are required to see hidden offenses in IBM Security QRadar?

a. Hidden Offenses are no longer associated with Offenses so a custom report and a search should be created that uses a search
parameter where Associated with Offense equals False. To create a custom report, navigate to Reports and from the Actions menu
select Create.
b. From the Offenses page, navigate to All Offenses and open the Search menu.
c. Contact the QRadar administrator to select Hidden Offenses and then choose the Show option from the Action menu.
d. Select Edit Search and in the Search Parameters section, uncheck the box Exclude Hidden Offenses. 
e. From the Offenses page, navigate to the Offenses by Category, and click on Show Inactive Categories to display all hidden offenses.
Click Hide Inactive Categories to hide them again.

The correct answer is: From the Offenses page, navigate to All Offenses and open the Search menu.
