If the IBM Security QRadar V7.0 MR4 operator wants to graph the flow data in the Network Activity tab, which three chart types can be presented? (Choose three.)
A. Pie Chart
B. Bar Chart
C. Line Chart
D. Area Chart
E. Gantt Chart
F. Time Series Chart
Which statement about log source identifiers is true for the same log source identifier to be used more than once?
A. It must always be unique.
B. It must be unique amongst the same protocol.
C. It must be unique amongst the same log source group.
D. It must be unique amongst log sources of the same type.
Which statement is most accurate regarding the information that NetFlow provides?
A. The start time of the conversation, the source and destination IP address, and the total bytes transferred.
B. The start time and the duration of the conversation, application ID, the source and the destination IP address.
C. The start time and duration of the conversation, the source and destination IP address, payload information, and the IP port number the data was sent to and received over.
D. The start time and duration of the conversation, the source and destination IP address, the IP port number the data was sent to and received over, and the total bytes transferred.
Which colored icon must be selected in the chart to change the chart type when viewing a grouped search?
A. The red X
B. The green star
C. The yellow gear
D. The blue question mark (?)
Which search parameter in the Log Activity tab must be used to filter events by activity (e.g. SSH Login Succeeded)?
A. Category
B. Magnitude
C. User Name
D. Log Source
What two tasks can be performed from the Assets tab? (Choose two.)
A. Edit asset severity
B. Clear vulnerabilities
C. Manually add asset profiles
D. Search assets that match specific attributes
E. Show which offenses an asset has been involved with
Which two fields are common in the Network Activity and Log Activity tabs? (Choose two.)
A. Source IP
B. Username
C. Application
D. Source Bytes
E. Destination Port
A user is complaining of slow traffic on a specific network segment. An administrator is investigating the source of the congestion using the IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. The administrator has drilled down into the details of a traffic spike and is now on the Details tab.
If the administrator double-clicks on the top application in the list, and then sorts by the Total Bytes column, what information is displayed regarding the source and destination IPs of the devices?
A. The devices causing the least traffic for all applications
B. The devices causing the most traffic for all applications
C. The devices causing the least traffic for the selected application
D. The devices causing the most traffic for the selected application
An IBM Security QRadar V7.0 MR4 (QRadar) user has access to QRadar offenses. How do offenses appear in their My Offenses page?
A. Rules that have been created by the admin and that trigger an offense will also automatically put the triggered offense under their My Offenses page.
B. When the admin accesses the All Offenses option, they select Offenses and drag and drop them to their My Offenses page. Other QRadar users will no longer see the offenses that are put under their My Offenses page.
C. Anyone with access to the Offenses page will see all offenses. Under the My Offenses option, the person will see all offenses that have been assigned to them for further analysis and processing. These offenses are assigned from the All Offenses page by choosing the Assign option from the Action menu.
D. Rules that trigger an offense can also be configured in such a way that the resulting offense is automatically assigned to the QRadar user who is notified of the offense by e-mail. The rule is configured to send an e-mail, and if the e-mail address matches an e-mail address of any of the QRadar users, then this offense is automatically added to the My Offenses page of this user.
How can a user display Raw events?
A. View drop-down > Raw Events
B. Action menu > View Raw Events
C. Display drop-down > Raw Events
D. Right-click on the events > View Raw Events