Where can a user add a note to an offense in the user interface?
A. Dashboard and Offenses Tab
B. Offenses Tab and Offense Detail Window
C. Offenses Detail Window, Dashboard, and Admin Tab
D. Dashboard, Offenses Tab, and Offense Detail Window

A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events, no successful exploits were detected. Upon checking internal documentation, this activity was part of an expected penetration test which requires no immediate investigation. How can the Security Analyst ensure the results of the penetration test are retained?
A. Hide the offense and add a note with a reference to the penetration test findings
B. Protect the offense so that it is not deleted automatically after the offense retention period has elapsed
C. Close the offense and mark the source IP for Follow-Up to check if there are future events from the host
D. Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense

What is the function of a Device Support Module (DSM) within QRadar?
A. Unites data received from logs
B. Provides vendor-specific configuration information
C. Scans log information based on a set of rules to output offenses
D. Parses event information for SIEM products received from external sources

What are the various timestamps related to a flow?
A. First Packet Time, Storage Time, Log Source Time
B. First Packet Time, Storage Time, Last Packet Time
C. First Packet Time, Log Source Time, Last Packet Time
D. First Packet Time, Storage Time, Log Source Time, End Time

Which two are top-level options when right-clicking an IP address within the Offense Summary page? (Choose two.)
A. WHOIS
B. Navigate
C. DNS Lookup
D. Information
E. Asset Summary Page

What is the difference between TCP and UDP?
A. They use different port number ranges
B. UDP is connectionless, whereas TCP is connection based
C. TCP is connectionless, whereas UDP is connection based
D. TCP runs on the application layer and UDP uses the Transport layer

What can be considered a log source type?
A. ICMP
B. SNMP
C. Juniper IDP
D. Microsoft SMBtail

What is a primary benefit of building blocks?
A. They can notify users of strange behavior.
B. They allow their tests to be executed within all rules.
C. They generate new events into the pipeline before rules fire.
D. They allow report results to be used in custom rule tests.

Which column shows information as icons on the Reports tab?
A. Owner
B. Formats
C. Schedule
D. Report Name

Which advantage of a report helps distinguish it from a search?
A. Scheduling is available.
B. It can be added as a dashboard item.
C. It can be labeled for later use.
D. A report can be assigned to specific users.

What is the purpose of coalescing?
A. To reduce the number of events which count against EPS licenses
B. To reduce the amount of data received by QRadar event collectors
C. To reduce the amount of data going through the pipeline and stored onto disk
D. To reduce the number of offenses generated by QRadar as part of the tuning process

Events and flows both have multiple different timestamps available to them. Which timestamp is available to both events and flows?
A. End Time
B. Storage Time
C. First Activity Time
D. Last Activity Time

Which feature of a Next Generation Firewall is not available on previous firewalls?
A. VPN Support
B. Layer 3 based firewall rules
C. Integrated signature-based IPS engine
D. Network and Port-Address Translation (NAT)

Which port does HTTP traffic commonly use?
A. Port 22
B. Port 53
C. Port 80
D. Port 443

Which three things can be found under the Information menu when right-clicking an IP address? (Choose three.)
A. Asset Profile
B. DNS Lookup
C. Hide Offense
D. WHOIS Lookup
E. Annotation View
F. Username Lookup