QRadar SEIM - Product Education For Technical Sales Quiz Attempt Review
State Finished
Completed on Friday, October 6, 2023, 6:45 AM
Question 1 If you have multiple systems that require the same handling for multiple events, what special type of log source do you need to set up?
Correct
Points out of 1.00
Anonymous
Workflow
SIM Generic
Gateway
Question 2 What log source component is responsible for delivering logs into QRadar?
Correct
Points out of 1.00
Protocol
DSM
Log source type
Sensordevice
Question 3 To automatically receive IBM X-Force Threat Intelligence data in your QRadar deployment, which mechanism do you have to configure?
Correct
Points out of 1.00
STIX protocol
Am-I-affected feed
TAXII feed
Question 7 What QNI inspection level can extract file names and hash values?
Correct
Points out of 1.00
Extended
Enriched
Advanced
Performance
Question 8 What action helps to avoid deviant asset growth notifications?
Correct
Points out of 1.00
Freeze the asset identifier
Lower the asset update process frequency
Lower the asset profiler retention values
Question 10 What is the name for a rule that does not have an action?
Correct
Points out of 1.00
Basic rule
Insight
Default rule
Building block
Question 11 What is the purpose of a single quotation mark in the AQL statements?
Incorrect
Points out of 1.00
They are used only for WHERE, GROUP BY and ORDER BY clauses.
They are used for string comparison.
They are used for column names that contain spaces or non-ASCII characters.
They are used to escape special characters.
Question 12 What are the two main components of a Log Source?
Correct
Points out of 1.00
Protocol and Log Source Type
Parser and DSM
Receiver and DSM
Protocol and normalizer
Question 13 What offense parameter combines multiple events and flows into a single offense?
Incorrect
Points out of 1.00
Offense index
Offense magnitude
IP address of the Log Source
Source IP
Question 14 What is the name of the script that helps configure Disconnected Log Collector (DLC), which uses TLS communication with QRadar?
Correct
Points out of 1.00
generateCertificate.sh
setupTLS.sh
configTLS.sh
setupDLC.sh -p TLS
Question 15 When you deploy new log sources in your environment, you can thoroughly test successful connectivity and correct log data transfer directly from your QRadar Console. Which QRadar component are you using for this test?
Correct
Points out of 1.00
Log Source Management app
Assistant app
Use Case Manager app
DSM Editor
Question 16 When you use Quick Filters in the Log Activity tab, what are you searching for in the events?
Correct
Points out of 1.00
All custom properties
Any plain text in the raw payload
Question 17 What kind of traffic indicates that QRadar Network Hierarchy is misconfigured?
Correct
Points out of 1.00
Local to Local (L2L)
Remote to Local (R2L)
Local to Remote (L2R)
Remote to Remote (R2R)
Question 18 If the Log Source receives the log and does not know how to parse it, what is the name of an event?
Correct
Points out of 1.00
Generic data event
Audit event
Unknown event
Stored event
Question 19 What is the default port for the DLC log source on QRadar?
Incorrect
Points out of 1.00
443
32500
514
6514
Question 20 If you want to extract Linux security logs on AWS and process them as a log source in your QRadar environment, you first have to collect and store them into an AWS component. What is the name of that component?
Correct
Points out of 1.00
CloudWatch Log Group in AWS
Amazon Kinesis Data Firehose
Amazon S3 Bucket
Amazon Kinesis Data Stream
Question 21 How many inspection levels can be configured for QRadar Network Insights (QNI)?
Correct
Points out of 1.00
5
2
3
Question 22 If you want to extract Linux security logs on AWS and process them as a log source in your QRadar environment in real time, which AWS component do you have to use?
Incorrect
Points out of 1.00
Amazon Kinesis Data Firehose
Amazon Kinesis Data Stream
CloudWatch Log Group in AWS
Amazon S3 Bucket
Question 23 Which Quick filter finds the exact Firewall Deny message in the logs?
Correct
Points out of 1.00
"Firewall Deny"
?(Firewall Deny)
%sFirewall.Deny
'Firewall Deny'
Question 24 What is the name for the relationship between asset updates and the corresponding asset in the asset database?
Correct
Points out of 1.00
Asset reconciliation
Asset identifier
Asset update process
Asset merging
Asset DNS