The Use Case Manager app has an option to see MITRE heat map.
Which two (2) factors are responsible for the different colors in MITRE heat map?
A task is set up to identify events that were missed by the Custom Rule Engine. Which two (2) types of events does an analyst look for?
What does an analyst need to do before configuring the QRadar Use Case Manager app?
Which of these statements regarding the deletion of a generated content report is true?
What type of custom property should be used when an analyst wants to combine extraction-based URLs, virus names, and secondary user names into a single property?
What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?
An analyst runs a search with correct AQL, but no errors or results are shown.
What is one reason this could occur?
Which two (2) options are used to search offense data on the By Networks page?
For a rule containing the test "and when the source is located in this geographic location" to work properly, what must a QRadar analyst configure?
When you create a report, you must choose a chart type for each chart that is included in the report.
Which two (2) chart types can you include in a report?
Events can be exported from the QRadar Log Activity tab in which file formats?
A QRadar analyst wants to limit the time period for which an AQL query is evaluated. Which functions and clauses could be used for this?
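As an added illustration of the time-bounding options that this question refers to (this is example AQL written for this page, not part of the original question set), the three queries below restrict the evaluation window in the three ways AQL supports: a relative LAST clause, an absolute START/STOP pair, and time functions compared against the starttime field. The field and function names are standard QRadar AQL; the usernames, ports and timestamps are assumed sample values.

```sql
-- Added example, not from the original page. Column names are standard QRadar event
-- fields; 'svc_backup', port 22 and the timestamps are assumed sample values.

-- 1. Relative window: the LAST clause goes at the very end of the statement and
--    restricts the search to the most recent N MINUTES / HOURS / DAYS.
SELECT sourceip, destinationip, username, QIDNAME(qid) AS event_name
FROM events
WHERE username = 'svc_backup'
LAST 15 MINUTES;

-- 2. Absolute window: START and STOP take 'yyyy-MM-dd HH:mm' strings and, like LAST,
--    follow the WHERE / GROUP BY / ORDER BY clauses rather than appearing inside WHERE.
SELECT sourceip, COUNT(*) AS hits
FROM events
WHERE destinationport = 22
GROUP BY sourceip
ORDER BY hits DESC
START '2024-03-01 08:00'
STOP  '2024-03-01 09:00';

-- 3. Time functions inside WHERE: NOW() and PARSEDATETIME() both return epoch
--    milliseconds, so they compare directly with starttime; DATEFORMAT renders it.
SELECT sourceip, DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS seen
FROM events
WHERE starttime > PARSEDATETIME('2 hours ago')
  AND starttime < NOW();
```

A practical check when a syntactically valid query returns nothing and no error: confirm that the window selected by LAST or START/STOP actually overlaps the time the events were received, since a WHERE filter on starttime can only narrow, never widen, that window.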
Which two (2) are valid options available for configuring the frequency of report execution in the QRadar Report wizard?
Which log source and protocol combination delivers events to QRadar in real time?
Which type of rule requires a saved search that must be grouped around a common parameter?
On the Log Activity tab in QRadar, what are the options available when right-clicking an IP address of an event to access more event filter information?
Many offenses are generated and an analyst confirms that they match some kind of vulnerability scanning.
Which building block group needs to be updated to include the source IP of the vulnerability assessment (VA) scanner to reduce the number of offenses that are being generated?
Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?
Which parameters are used to calculate the magnitude rating of an offense?
An analyst wants to implement an AQL search in QRadar. Which two (2) tabs can be used to accomplish this implementation?
Several systems were initially reviewed as active offenses, but further analysis revealed that the traffic generated by these source systems is legitimate and should not contribute to offenses.
How can the activity be fine-tuned when multiple source systems are found to be generating the same event and targeting several systems?
What two (2) guidelines should you follow when you define your network hierarchy?
Which IBM X-Force Exchange feature could be used to query QRadar to see if any of the IoCs were detected for COVID-19 activities?
An analyst must create a reference set collection containing the IPv6 addresses of command-and-control servers in an IBM X-Force Exchange collection in order to write a rule to detect any enterprise traffic with those malicious IP addresses.
What value type should the analyst select for the reference set?
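Once such a reference set exists, the detection can be prototyped as a search before it becomes a rule. The AQL below is an added example written for this page (not part of the original questions): it uses the standard REFERENCESETCONTAINS function against an assumed set named xfe_c2_ipv6, which is assumed to have been created with an element type that holds IP addresses so that IPv6 values from the X-Force Exchange collection compare correctly.

```sql
-- Added example, not from the original page. The reference set name 'xfe_c2_ipv6' is
-- assumed; REFERENCESETCONTAINS(set_name, value) is a standard AQL function that
-- returns true when the value is a member of the named reference set.

-- Events whose destination is a listed command-and-control address, last 24 hours.
SELECT sourceip, destinationip, destinationport, QIDNAME(qid) AS event_name
FROM events
WHERE REFERENCESETCONTAINS('xfe_c2_ipv6', destinationip)
LAST 24 HOURS;

-- The same membership test over flows, grouped to rank which internal hosts
-- are talking to C2 infrastructure most often.
SELECT sourceip, destinationip, COUNT(*) AS flow_count
FROM flows
WHERE REFERENCESETCONTAINS('xfe_c2_ipv6', destinationip)
GROUP BY sourceip, destinationip
ORDER BY flow_count DESC
LAST 7 DAYS;
```

If the set's element type does not match the field being compared (for example a plain alphanumeric set holding addresses as text), the lookup can silently fail to match, so the element type chosen at creation is what makes the later rule test reliable.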
What is the name of the data collection set used in QRadar that can be populated with IoCs or other external data?
A Security Analyst was asked to search for an offense on a specific day. The requester was not sure of the time frame, but had Source Host information to use, as well as the networks involved, the Destination IP and the username.
Which filters can the Security Analyst use to search for the information requested?