Question 1

What kind of value is in the red box in this picture?

Options :

A : A risk score.

B : A source ranking.

C : An event priority.

D : An IP address rating.

Answer: A

Question 2

When investigating, what is the best way to store a newly-found IOC?

Options :

A : Paste it into Notepad.

B : Click the ''Add IOC'' button.

C : Click the ''Add Artifact'' button.

D : Add it in a text note to the investigation.

Answer: B

Question 3

Glass tables can display static images and text, the results of ad-hoc searches, and which of the following objects?

Options :

A : Lookup searches.

B : Summarized data.

C : Security metrics.

D : Metrics store searches.

Answer: C

Question 4

Which of these Is a benefit of data normalization?

Options :

A : Reports run faster because normalized data models can be optimized for better performance.

B : Dashboards take longer to build.

C : Searches can be built no matter the specific source technology for a normalized data type.

D : Forwarder-based inputs are more efficient.

Answer: A

Question 5

Which settings indicated that the correlation search will be executed as new events are indexed?

Options :

A : Always-On

B : Real-Time

C : Scheduled

D : Continuous

Answer: C