C1000-163 Exam Questions
181 real C1000-163 exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #51
How can an analyst search for all events that include the keyword 'access'?
- Question #52
The Server Discovery function can update which system building block?
- Question #53
Which of these views is provided by the DSM Editor?
- Question #54
Before the creation of a new application instance with QRadar Assistant, with what entity must every application be associated?
- Question #55
As a deployment professional, which product do you recommend to reconstruct the raw network data that is related to a security breach?
- Question #56
Which of the following utilities can be run on QRadar?
- Question #57
QRadar rules can utilize reference data to further correlate results. Which term is a valid reference data type?
- Question #58
What does the QRadar Assistant app do?
- Question #59
For the management of applications with QRadar Assistant, which of these is not an option?
- Question #60
What is used to extract fields, define custom properties, categorize events, and define new QID definitions?
- Question #61
Which of these statements is true about network objects?
- Question #62
Retention buckets are sequenced in order. If a record matches all the filter criteria of multiple buckets, where is the record stored?
- Question #63
To review the internal changes done in QRadar, what log source in the Log Activity tab must be selected?
- Question #64
While reviewing the performance of a QRadar distributed environment, you notice an abnormal number of events that were generated in the past 24 hours: 38750088 - Performance degrad...
- Question #65
Consider this description: Edit the "and when either the source or destination IP is one of the following" test to include the broadcast addresses of the network. This change removes...
- Question #66
In a multidomain and multitenant environment, how is event visibility provided to users?
- Question #67
Which utility is used for checking the integrity of event and flow logs?
- Question #68
A QRadar 3128 (All-in-One) typically processes up to __________ EPS and __________ FPM.
- Question #69
Which statement is valid about the SAML authentication feature?
- Question #70
A company is developing a QRadar app. They are already running apps on an App Host. Which of these proposed scenarios do you suggest?
- Question #71
If you face problems with HA, what folder do you look in to figure them out?
- Question #72
Where is a custom log source type created?
- Question #73
Which IP address is used to log in to the active HA QRadar appliance?
- Question #74
Which QRadar app displays time series graphs for queries?
- Question #75
Which of these items forwards data to a QRadar Packet Capture appliance?
- Question #76
Which additional license is required to use the Am I Affected scan in the IBM Security QRadar Threat Intelligence app?
- Question #77
Which type of network hierarchy can be configured in QRadar?
- Question #78
Which module can be used when the management network access is not possible?
- Question #79
How do you log in to a managed host command line after you install QRadar?
- Question #80
What custom property types does QRadar support?
- Question #81
If it is not tuned properly, custom rules can cause performance issues. Which tool allows you to troubleshoot if a rule causes performance issues?
- Question #82
QRadar uses rules to monitor the events and flows in your network to detect security threats. When the events and flows meet the test criteria that is defined in the rules, an offe...
- Question #83
If a security analyst needs to filter Events according to when they occurred, which parameter should be used?
- Question #84
An organization's QRadar deployment was reviewed. It was determined that more storage is needed. Which appliance should be deployed to meet this need?
- Question #85
How are extensions added to a QRadar deployment?
- Question #86
Where are audit logs located?
- Question #87
An offense remains in a dormant state for __________ days.
- Question #88
Under ATT&CK Actions, which option can be used to show an overview of the tactics covered in QRadar Use Case Manager?
- Question #89
Where can Building Blocks be updated in QRadar?
- Question #90
Access to the QRadar network services is controlled first on hosts with __________.
- Question #91
During an App Host migration, a deployment professional needs to ensure that all the apps are stopped. Which task will stop the apps from running?
- Question #92
On a Console migration, after the config backup restoration, what is required to ensure that the required configuration is migrated to the new appliance?
- Question #93
When multiple repositories are configured for authentication, what must a user do when they log in?
- Question #94
An authentication token is generated on the QRadar Console for WinCollect agent installation. What kind of WinCollect agent needs an authentication token?
- Question #95
Which direction value means that an undefined local Source IP accesses an external resource?
- Question #96
A QRadar analyst was asked to provide a selection of events for further investigation by somebody who does not have access to the QRadar system. Which of these approaches provides...
- Question #97
Upon initial configuration, a company asks their deployment professional to move backups to an external device. They are concerned about the percentage of storage space that is use...
- Question #98
The ____________ provides the current version, patch, and other system information for a QRadar system.
- Question #99
There are frequent network interruptions from a particular network zone called "Underground" to the network where QRadar components are installed. Some important applications, thou...
- Question #100
How can a QRadar user visualize the rules for MITRE ATT&CK coverage in Use Case Manager?