8/5/24, 3:17 PM Configuration and Tuning [SIEM Deploy L4] Quiz: Attempt review

Configuration and Tuning [SIEM Deploy L4] Quiz

You must receive a score of 75% or higher on the quiz to complete the course.

Started on: Monday, August 5, 2024, 4:11 AM
State: Finished
Completed on: Monday, August 5, 2024, 4:16 AM
Time taken: 5 mins 21 secs
Feedback: Congratulations, you passed the quiz!

Question 1
Correct
Points out of 1.00

QRadar provides a set of options to manage single offenses. Why would you protect an offense?

To prevent it from being removed when the retention period expires. (selected)
To prevent another user from closing the offense.
To avoid having new triggered rules overwrite the offense as is.
To limit the impact that hackers can have on the Ariel database.

https://learn.ibm.com/mod/quiz/review.php?attempt=3325821&cmid=270682 1/11

Question 2
Correct
Points out of 1.00

QRadar uses ingested events and flows to build up asset data. Which data artifacts does QRadar extract from flow payloads?

The asset ID in the header
The asset ID in the payload
The Flow ID and IP addresses
IP addresses, ports, and protocols (selected)

Question 3
Incorrect
Points out of 1.00

QRadar categorizes log sources on the Log Activity tab. Which low-level category indicates that the log source is not yet recognized and parsed properly?

Unknown events (selected)
DSM undefined
Offense generated
Stored events


Question 4
Correct
Points out of 1.00

What is the name of the event detail when an event arrives in the event pipeline, and an object is created in memory?

Pipeline time
Object time
Start time (selected)
Storage time

Question 5
Correct
Points out of 1.00

QRadar provides many methods for managing multiple offenses. What is offense indexing?

Provides the capability to group events or flows from different rules, that are organized on the same property, together in a single offense. (selected)
Provides a list of offenses in alphabetical order to make it easier for analysts to locate offenses
Provides the impact of the offense on your network.
Marks certain offenses to make searches quicker.


Question 6
Correct
Points out of 1.00

When QRadar ingests data, it uses many elements of an event to categorize the event for further processing. Which three event keys help determine the QIDmap entry?

Log source type ID, event ID, event category (selected)
Flow ID, Router ID, Timestamp
User ID, Event Category, Geolocation
Source IP, Destination IP, Port

Question 7
Correct
Points out of 1.00

What is the relationship between asset updates and the corresponding asset in the asset database called?

Asset processing
Asset deduplication
Asset profile
Asset reconciliation (selected)


Question 8
Correct
Points out of 1.00

The Analyst Workflow app allows you to investigate security issues in offenses, and perform many other tasks. Which feature in the Analyst Workflow app helps you to create an AQL search?

Offense filter
Smart filter
Advanced Language search
Query builder (selected)

Question 9
Correct
Points out of 1.00

Which QRadar component maintains all offenses?

Rule Wizard
Processor
Ariel database
Magistrate (selected)


Question 10
Correct
Points out of 1.00

If your organization acquires a company with hosts that have the same IP addresses as hosts that your QRadar environment already manages, what must you configure if you want to use overlapping IP addresses?

Custom Rules
Domains (selected)
Reference Sets
Tenants

Question 11
Correct
Points out of 1.00

Which QRadar component can identify a log source and then assign the appropriate DSM to the log source?

QRadar Console
Ariel Database
Traffic analysis (selected)
Normalization


Question 12
Correct
Points out of 1.00

The Offenses tab and offense details page display multiple information entries for offenses. What is offense severity?

Describes how many offenses a rule generates.
Describes how trustworthy the information is that contributes to the offense.
Determines the impact that an offense has on your network.
Describes a level of threat that a source poses in relation to how prepared the destination is for the attack. (selected)

Question 13
Correct
Points out of 1.00

If you have configured domains in your QRadar environment, you can create rules that are triggered based on one, multiple, or all domains. What type of rule triggers when the counters from all domains add up to the rule threshold?

Any domain rule (selected)
Multiple Domain rule
Threshold rule
Single Domain rule


Question 14
Incorrect
Points out of 1.00

What is the situation called when systems that generate data with matching asset identifiers cause aggressive merging?

Deviant asset growth
Asset merging (selected)
Asset reconciliation
Asset profiling

Question 15
Correct
Points out of 1.00

What is considered a QRadar "network endpoint" that sends or receives data across your network infrastructure?

A QRadar collector
An asset (selected)
A log source
A building block


Question 16
Correct
Points out of 1.00

QRadar ingests raw payload data into its event data pipeline using the protocol component. Which QRadar component defines how the received data is parsed and normalized?

Log Source Type (DSM) (selected)
License Manager
Log Source Management app
Traffic Analysis

Question 17
Correct
Points out of 1.00

A managed security service provider, or MSSP, can offer security services to multiple clients while keeping client data separate. How can MSSPs provide these services to multiple client organizations?

By using separate QRadar Consoles.
By using a single shared QRadar deployment. (selected)
By using dedicated QRadar Event and Flow Processors per client.
By using a multi-divisional QRadar deployment.


Question 18
Correct
Points out of 1.00

Your QRadar environment needs to understand which hosts are local and which are remote in order to function properly. What defines what is inside your network versus what is outside your network?

VPN
Network Hierarchy (selected)
Firewall
Custom Rule Engine

Question 19
Incorrect
Points out of 1.00

QRadar appliances perform multiple functions within the data pipeline. Which QRadar SIEM component generates an offense?

QRadar Console
QRadar Processor
Custom rule engine
QRadar Ariel Database (selected)


Question 20
Incorrect
Points out of 1.00

When you configure domains in QRadar, you mainly do so to create separate organizational units. What do domains create?

Tenant separation
Individual correlation entities
New network hierarchy nodes (selected)
Dedicated sets of building blocks for individual organizational entities
