Question 1

Which type of rule requires a saved search that must be grouped around a common parameter

Options :

A : Flow Rule

B : Event Rule

C : Common Rule

D : Anomaly Rule

Answer: B

Question 2

After conducting a thorough analysis, it was discovered that the traffic generated by an attacker targeting one system through many unique events in different categories is legitimate and should not be classified as an offense. Which tuning methodology guideline can be used to tune out this traffic?

Options :

A : Edit the Log Source Management app to tune the category

B : Edit the buildingblocks byusingtheCustomRulesEditor to tune the category

C : Edit the buildingblocks byusingtheCustomRulesEditor to tune the specific event

D : Edit the buildingblocks byusingtheCustomRulesEditor to tune the destinationIP address

Answer: C

Question 3

AQRadar analyst can check the rule coverage of MITRE ATT&CK tactics and techniques by using Use Case Manager. In the Use Case Manager app, how can a QRadar analyst check the offenses triggered and mapped to MITRE ATT&CK framework?

Options :

A : By navigating to "CRE Report"

B : From Offenses tab

C : By clicking on "Tuning Home"

D : By navigating to "Detected in timeframe"

Answer: D

Question 4

Which QRadar component provides the user interface that delivers real-time flow views?

Options :

A : QRadar Viewer

B : QRadar Console

C : QRadar Flow Collector

D : QRadar Flow Processor

Answer: B

Question 5

How does a QRadar analyst get to more information about a MITRE entry in the Use Case Manager?

Options :

A : Hover over the entry and read the tooltip

B : Highlight the entry and click the help button

C : Click the Tactic’s Explore icon to reveal and open the MITRE web page

D : Use the Threat Intelligence app

Answer: C