
Started on Friday, October 6, 2023, 6:32 AM
State Finished
Completed on Friday, October 6, 2023, 6:45 AM
Time taken 12 mins 37 secs
Feedback Congratulations, you passed the quiz!

Question 1 (Correct; points out of 1.00)
If you have multiple systems that require the same handling for multiple events, what special type of log source do you need to set up?
- Anonymous
- Workflow
- SIM Generic
- Gateway (selected)

Question 2 (Correct; points out of 1.00)
What log source component is responsible for delivering logs into QRadar?
- Protocol (selected)
- DSM
- Log source type
- Sensordevice

Question 3 (Correct; points out of 1.00)
To automatically receive IBM X-Force Threat Intelligence data in your QRadar deployment, which mechanism do you have to configure?
- STIX protocol
- Am-I-affected feed
- TAXII feed (selected)
- Malware reference table


Question 4 (Incorrect; points out of 1.00)
What two timestamps define the event pipeline processing?
- Start Time and End Time (selected)
- Start Time and Disk Time
- Storage time and Start time
- Storage Time and Log Source Time

Question 5 (Incorrect; points out of 1.00)
When does an offense go into an inactive state?
- After 30 minutes of inactivity (selected)
- After 5 days of inactivity
- After 1 hour of inactivity
- After 30 days of inactivity

Question 6 (Correct; points out of 1.00)
What type of flow is distributed denial of service (DDOS) traffic?
- Superflow B (selected)
- Superflow C
- Superflow D
- Superflow A

Question 7 (Correct; points out of 1.00)
What QNI inspection level can extract file names and hash values?
- Extended
- Enriched (selected)
- Advanced
- Performance

Question 8 (Correct; points out of 1.00)
What action helps to avoid deviant asset growth notifications?
- Freeze the asset identifier
- Lower the asset update process frequency
- Lower the asset profiler retention values (selected)
- Disable server discovery

Question 9 (Correct; points out of 1.00)
What feature can help you optimize an AQL search?
- Data retention policy
- Index management tool (selected)
- AQL functions
- Quick filter

Question 10 (Correct; points out of 1.00)
What is the name for a rule that does not have an action?
- Basic rule
- Insight
- Default rule
- Building block (selected)

Question 11 (Incorrect; points out of 1.00)
What is the purpose of a single quotation mark in the AQL statements?
- They are used only for WHERE, GROUP BY and ORDER BY clauses. (selected)
- They are used for string comparison.
- They are used for column names that contain spaces or non-ASCII characters.
- They are used to escape special characters.

Question 12 (Correct; points out of 1.00)
What are the two main components of a Log Source?
- Protocol and Log Source Type (selected)
- Parser and DSM
- Receiver and DSM
- Protocol and normalizer

Question 13 (Incorrect; points out of 1.00)
What offense parameter combines multiple events and flows into a single offense?
- Offense index
- Offense magnitude
- IP address of the Log Source
- Source IP (selected)

Question 14 (Correct; points out of 1.00)
What is the name of the script that helps configure Disconnected Log Collector (DLC), which uses TLS communication with QRadar?
- generateCertificate.sh (selected)
- setupTLS.sh
- configTLS.sh
- setupDLC.sh -p TLS

Question 15 (Correct; points out of 1.00)
When you deploy new log sources in your environment, you can thoroughly test successful connectivity and correct log data transfer directly from your QRadar Console. Which QRadar component are you using for this test?
- Log Source Management app (selected)
- Assistant app
- Use Case Manager app
- DSM Editor

Question 16 (Correct; points out of 1.00)
When you use Quick Filters in the Log Activity tab, what are you searching for in the events?
- All custom properties
- Any plain text in the raw payload (selected)
- Only indexed custom properties
- Only the first 64 characters of the payload

Question 17 (Correct; points out of 1.00)
What kind of traffic indicates that QRadar Network Hierarchy is misconfigured?
- Local to Local (L2L)
- Remote to Local (R2L)
- Local to Remote (L2R)
- Remote to Remote (R2R) (selected)

Question 18 (Correct; points out of 1.00)
If the Log Source receives the log and does not know how to parse it, what is the name of an event?
- Generic data event
- Audit event
- Unknown event
- Stored event (selected)

Question 19 (Incorrect; points out of 1.00)
What is the default port for the DLC log source on QRadar?
- 443
- 32500
- 514
- 6514 (selected)

Question 20 (Correct; points out of 1.00)
If you want to extract Linux security logs on AWS and process them as a log source in your QRadar environment, you first have to collect and store them into an AWS component. What is the name of that component?
- CloudWatch Log Group in AWS (selected)
- Amazon Kinesis Data Firehose
- Amazon S3 Bucket
- Amazon Kinesis Data Stream

Question 21 (Correct; points out of 1.00)
How many inspection levels can be configured for QRadar Network Insights (QNI)?
- 5
- 2
- 3 (selected)

Question 22 (Incorrect; points out of 1.00)
If you want to extract Linux security logs on AWS and process them as a log source in your QRadar environment in real time, which AWS component do you have to use?
- Amazon Kinesis Data Firehose
- Amazon Kinesis Data Stream
- CloudWatch Log Group in AWS (selected)
- Amazon S3 Bucket

Question 23 (Correct; points out of 1.00)
Which Quick filter finds the exact Firewall Deny message in the logs?
- "Firewall Deny" (selected)
- ?(Firewall Deny)
- %sFirewall.Deny
- 'Firewall Deny'

Question 24 (Correct; points out of 1.00)
What is the name for the relationship between asset updates and the corresponding asset in the asset database?
- Asset reconciliation (selected)
- Asset identifier
- Asset update process
- Asset merging

Question 25 (Correct; points out of 1.00)
What parameter does QRadar use to perform asset merging?
- Asset MAC address
- Server discovery
- Asset identifier (selected)
- Asset DNS
