IBM Security QRadar SIEM V7.2.6 Associate Analyst Exam
Question No : 1
Which kind of information do log sources provide?
Question No : 2
A mapping of a username to a user's manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?
Question No : 3
Which log source and protocol combination delivers events to QRadar in real time?
Question No : 4
Which QRadar component provides the user interface that delivers real-time flow views?
Question No : 5
What are two characteristics of a SIEM? (Choose two.)
Question No : 6
Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short-term events when compared against a longer time frame?
Question No : 7
Which device uses signatures for traffic analysis when deployed in a network environment to detect, allow, block, or simulated-block traffic?
Question No : 8
What is the largest differentiator between a flow and an event?
Question No : 9
What is a main function of a Cisco Adaptive Security Appliance (ASA)?
Question No : 10
When QRadar processes an event, it extracts normalized properties and custom properties.
Which list includes only Normalized properties?
Question No : 11
What set of Key fields can trigger coalescing?
Question No : 12
What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?
Question No : 13
What is the maximum number of supported dashboards for a single user?
Question No : 14
Which QRadar component is designed to help increase the search speed in a deployment by allowing more data to remain uncompressed?
Question No : 15
What is the difference between TCP and UDP?