Question 1

An analyst wishes to review an event which has a rules test against both event and flow data. What kind of rule is this?

Options :

A : Anomaly rules

B : Threshold rules

C : Offense rules

D : Common rules

Answer: A

Question 2

What is the primary use of viewing the Magnitude metric on the Offenses tab?

Options :

A : Determine which events to investigate last.

B : Determine the credibility rating that is configured in the log source.

C : Understand the type of offense we are facing.

D : Identify the importance of the offense in your environment.

Answer: D

Question 3

AQRadar analyst can check the rule coverage of MITRE ATT&CK tactics and techniques by using Use Case Manager. In the Use Case Manager app, how can a QRadar analyst check the offenses triggered and mapped to MITRE ATT&CK framework?

Options :

A : By navigating to "CRE Report"

B : From Offenses tab

C : By clicking on "Tuning Home"

D : By navigating to "Detected in timeframe"

Answer: D

Question 4

When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?

Options :

A : ASSETS

B : PAYLOAD

C : OFFENSES

D : AOL QUERY

E : SAVED SEARCHES

Answer: A,C

Question 5

After conducting a thorough analysis, it was discovered that the traffic generated by an attacker targeting one system through many unique events in different categories is legitimate and should not be classified as an offense. Which tuning methodology guideline can be used to tune out this traffic?

Options :

A : Edit the Log Source Management app to tune the category

B : Edit the buildingblocks byusingtheCustomRulesEditor to tune the category

C : Edit the buildingblocks byusingtheCustomRulesEditor to tune the specific event

D : Edit the buildingblocks byusingtheCustomRulesEditor to tune the destinationIP address

Answer: C