Which type of rule should you use to test events or (lows for activities that are greater than or less than a specified range?

• A.Behavioral rules
• B.Anomaly rules
• C.Custom rules
• D.Threshold rules

Comment: *

Name: *

Email: *

Verification: *

Which flow fields should be used to determine how long a session has been active on a network?

• A.Start time and storage time
• B.Last packet time and storage time
• C.Start time and end time
• D.Start time and last packet time

Comment: *

Name: *

Email: *

Verification: *

After conducting a thorough analysis, it was discovered that the traffic generated by an attacker targeting one system through many unique events in different categories is legitimate and should not be classified as an offense.
Which tuning methodology guideline can be used to tune out this traffic?

• A.Edit the buildingblocks byusingtheCustomRulesEditor to tune the specific event
• B.Edit the buildingblocks byusingtheCustomRulesEditor to tune the category
• C.Edit the Log Source Management app to tune the category
• D.Edit the buildingblocks byusingtheCustomRulesEditor to tune the destinationIP address

Comment: *

Name: *

Email: *

Verification: *

An analyst wishes to review an event which has a rules test against both event and flow data.
What kind of rule is this?

• A.Anomaly rules
• B.Threshold rules
• C.Offense rules
• D.Common rules

Comment: *

Name: *

Email: *

Verification: *

Which statement regarding the use of the internal structured language of the QRadar database is true?

• A.Use AQL to extract, filter, and perform actions on event and flow data that you extract from the Ariel database
• B.Use AQL to extract, filter and manipulate event, flow and use cases data from the Ariel database
• C.Use AQL to accelerate and make tuning event and flow data from the Ariel database
• D.Use AQL to accelerate and make tuning event, flow and use cases data from the Ariel database

Comment: *

Name: *

Email: *

Verification: *