Free Online IBM C1000-139 Practice Test

Prepare Your IBM C1000-139 Exam Questions with Free online C1000-139 Practice Test. Get Brilliant IBM Security QRadar SIEM V7.4.3 Analysis Exam Results with Valid C1000 139 Exam Dumps.

Page: 1 / 20

Total 100 Questions | Updated On: May 14, 2024

Add To Cart

Question 1

A QRadar analyst was asked to provide a selection of events for further investigation by somebody who does not have access to the QRadar system. Which of these approaches provides an accurate copy of the required data in a readable format?

A : By using the Advanced Search option in the Log Activity tab, run an AQL command: COPY(SELECT * FROM events LAST 2 HOURS) TO 'output_events.csv' WITH CSV.

B : Log in to the Command Line Interface and use the ACP tool (/opt/qradar/bin/runjava.sh com.q1labs.ariel.io.ACP) with the necessary AQL filters and destination directory.

C : By using the "Event Export (with AQL)" option in the Log Activity tab, test your query with the Test button. Then, to run the export, click Export to CSV.

D : By using the Log Activity tab, filter the events until only those that you require are shown. Then, from the Actions list, select Export to CSV > Full Export (All Columns) to download a ZIP file.

E : L

Answer: D

Question 2

An analyst had been researching an Offense that has now disappeared from the active Offense list. What is the period of time that has to pass before an active Offense that receives no new contributing events or flows become inactive?

A : 5 days

B : 3 days

C : 24 hours

D : 1 hour

Answer: A

Question 3

Which of these procedures duplicates a report from the Reports tab?

A : Right-click the report to duplicate. Click Duplicate and type a new name for the report.

B : Click Action > Duplicate Report. Select the report to duplicate and click Finish.

C : Select the report to duplicate. From the Actions list, click Duplicate and type a new name for the report.

D : Click Actions, then select the report to duplicate from the pop-up window. Click Duplicate and type a new name for the report.

Answer: C

Question 4

If a security analyst needs to filter Events according to when they occurred, which parameter should be used?

A : Start Date

B : Start Time

C : Storage Time

D : Log Source Time

Answer: D

Question 5

What is a difference between a flow and an event?

A : An event occur at a moment in time while flows have a duration from the flow source.

B : A flow is a record from a log source, such as a firewall or router device, that describes an action on a network. An event analysis provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

C : A flow occurs at a moment in time while events have a duration from a log source.

D : An event is a record from a log source, such as a firewall or router device, that describes an action on a network. A flow record provides visibility into layer 7 for applications such as web browsers, NFS, SNMP, Telnet, and FTP.

Answer: D

Page: 1 / 20

Total 100 Questions | Updated On: May 14, 2024

Add To Cart