How is an event magnitude calculated?
A. As the sum of the three properties Severity, Credibility and Relevance of the Event
B. As the sum of the three properties Severity, Credibility and Importance of the Event
C. As a weighted mean of the three properties Severity, Credibility and Relevance of the Event
D. As a weighted mean of the three properties Severity, Credibility and Importance of the Event
What is a capability of the Network Hierarchy in QRadar?
A. Determining and identifying local and remote hosts
B. Capability to move hosts from local to remote network segments
C. Viewing real-time PCAP traffic between host groups to isolate malware
D. Controlling DHCP pools for segment groups (i.e. marketing, DMZ, VoIP)
An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username. What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?
A. Each matching event will be tagged with the Rule name, but only one Offense will be created.
B. Each matching event will cause a new Offense to be created and will be tagged with the Rule name.
C. Events will be tagged with the rule name as long as the Rule Response limiter is satisfied. Only one offense will be created.
D. Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.
Which three optional items can be added to the Default and Custom Dashboards without requiring additional licensing? (Choose three.)
A. Offenses
B. Log Activity
C. Risk change
D. Flow Search
E. Risk Monitoring
F. Asset Management
What ability does marking a custom property as "optimized" provide?
A. Allows you to use the custom property in a rule test
B. Allows you to process events above your license rating
C. Allows offenses to merge both events and flows into the same offense
D. Allows for offenses, events and flows to be compared directly in real time
What is the difference between an offense and a triggered rule?
A. Offenses are created every time a rule's tests are satisfied, but a rule may only trigger if the response limiter allows.
B. The first time a rule triggers, it will create an offense; after that, no new offense will be created for the same index type.
C. A rule will always trigger if its tests are satisfied, but an offense may only be created if the event magnitude is greater than 6.
D. An offense may be created or updated by a triggered rule, but a rule will always trigger when the tests are satisfied.
Given the following window:
What are the steps to get this window within an offense?
A. Right click on the IP > Information > DNS Lookup
B. Right click on the IP > Information > Reverse DNS
C. Right click on the IP > Information > WHOIS Lookup
D. Right click on the IP > Information > Asset Profile
Which three could be considered a log source type? (Choose three.)
A. Red Hat Network
B. IBM ISS Proventia
C. QRadar Event Processor
D. Check Point Firewall-1
E. Sourcefire Flow Injector
F. McAfee ePolicy Orchestrator
Which three things can be found under the Information menu when right clicking an IP address? (Choose three.)
A. Asset Profile
B. DNS Lookup
C. Hide Offense
D. WHOIS Lookup
E. Annotation View
F. Username Lookup
What is the correct procedure to both assign and add a note to an offense from the Graphical User Interface (GUI)?
A. Both tasks must be done independently and can only be done on the Offenses Tab.
B. With the new release of 7.2.6 this can now be done in one step from the Offenses Tab only.
C. Both tasks must be done independently but can be completed from both the Offenses Tab and the Offense Summary Page.
D. With the new release 7.2.6 this can be done in one step from both the Offenses Tab and the Offense Summary Page.