C2150-612 Online Practice Questions and Answers

Question 4

What is a benefit of using a span port, mirror port, or network tap as flow sources for QRadar?

A. These sources are marked with a current timestamp.

B. These sources show the ASN number of the remote system.

C. These sources show the username that generated the flow.

D. These sources include payload for layer 7 application analysis.

Question 5

What is the primary goal of data categorization and normalization in QRadar?

A. It allows data from different kinds of devices to be compared.

B. It preserves original data allowing for forensic investigations.

C. It allows users to export data and import it into other systems.

D. It allows for full-text indexing of data to improve search performance.

Question 6

Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?

A. Add Filter

B. Asset Search

C. Quick Search

D. Advanced Search

Question 7

What is the default view when a user first logs in to QRadar?

A. Report Tab

B. Offense Tab

C. Dashboard tab

D. Messages menu

Question 8

Which Anomaly Detection Rule type can test events or flows for volume changes that occur in regular patterns to detect outliers?

A. Outlier Rule

B. Anomaly Rule

C. Threshold Rule

D. Behavioral Rule

Question 9

What is a capability of the Network Hierarchy in QRadar?

A. Determining and identifying local and remote hosts

B. Capability to move hosts from local to remote network segments

C. Viewing real-time PCAP traffic between host groups to isolate malware

D. Controlling DHCP pools for segment groups (e.g. marketing, DMZ, VoIP)

Question 10

Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short term events when compared against a longer time frame?

A. Outlier Rule

B. Anomaly Rule

C. Threshold Rule

D. Behavioral Rule

Question 11

Which flow fields should be used to determine how long a session has been active on a network?

A. Start time and end time

B. Start time and storage time

C. Start time and last packet time

D. Last packet time and storage time
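The two searches below are an added example; they are not part of the original practice questions and not IBM's own material. They show the kind of Ariel Query Language (AQL) statement that the Advanced Search tab accepts (Question 6), how a flow's start time and last packet time give the session's active duration (Question 11), and the layer-7 application name that a payload-carrying flow source makes available (Question 4). The destination port, the one-hour duration threshold, the result limit and the 24-hour window are assumptions chosen for illustration; the field and function names (QIDNAME, LOGSOURCENAME, APPLICATIONNAME, DATEFORMAT, starttime, lastpackettime) are standard AQL. The lines starting with `--` are annotations for the reader: run each statement on its own in Advanced Search, without the comment lines.

```sql
-- Added example (not from the original page). Assumptions: SSH traffic of
-- interest on destination port 22, a 24-hour search window, top 20 rows.

-- 1) Events table: which source hosts generate the most events against port 22,
--    with the normalized event name and the log source resolved from their
--    numeric identifiers (qid and logsourceid) via AQL functions.
SELECT
  sourceip,
  destinationip,
  QIDNAME(qid)               AS event_name,
  LOGSOURCENAME(logsourceid) AS log_source,
  COUNT(*)                   AS hits
FROM events
WHERE destinationport = 22
GROUP BY sourceip, destinationip, qid, logsourceid
ORDER BY hits DESC
LIMIT 20
LAST 24 HOURS

-- 2) Flows table: how long each session has been active, computed from the
--    flow's start time and last packet time (both millisecond epoch values),
--    together with the application identified from payload by the flow source.
--    Assumed threshold: only sessions active for more than one hour (3600000 ms).
SELECT
  sourceip,
  destinationip,
  destinationport,
  APPLICATIONNAME(applicationid)               AS application,
  DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm:ss') AS started,
  (lastpackettime - starttime) / 1000          AS active_seconds,
  sourcebytes + destinationbytes               AS total_bytes
FROM flows
WHERE destinationport = 22
  AND (lastpackettime - starttime) > 3600000
ORDER BY active_seconds DESC
LIMIT 20
LAST 24 HOURS
```

The second statement is the practical form of Question 11: storage time and end time describe when QRadar wrote or closed the record, not how long the endpoints were actually exchanging packets, so the duration is taken from the start time and the last packet time. The APPLICATIONNAME column is only meaningful when the flow source carries payload (a span or mirror port, or a tap, feeding a QFlow collector); NetFlow-style sources without payload leave it at a generic port-based classification.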

Question 12

What are two default Report Groups? (Choose two.)

A. Analyst

B. Executive

C. Administration

D. Log Management

E. Network Management

Question 13

Which three could be considered a log source type? (Choose three.)

A. Red Hat Network

B. IBM ISS Proventia

C. QRadar Event Processor

D. Check Point Firewall-1

E. Sourcefire Flow Injector

F. McAfee ePolicy Orchestrator

Exam Code: C2150-612
Exam Name: IBM Security QRadar SIEM V7.2.6 Associate Analyst
Last Update: May 03, 2024
Questions: 105 Q&As