When you create a report, you must choose a chart type for each chart that is included in the report.
Which two (2) chart types can you include in a report?
A Security Analyst has noticed that an offense has been marked inactive.
How long had the offense been open since it had last been updated with new events or flows?
Which log source and protocol combination delivers events to QRadar in real time?
New vulnerability scanners are deployed in the company's infrastructure and generate a high number of offenses. Which function in the Use Case Manager app does an analyst use to update the list of vulnerability scanners?
Which two (2) types of data can be displayed by default in the Application Overview dashboard?
From the Offense Summary window, how is the list of rules that contributed to a chained offense identified?
What happens when you select "False Positive" from the right-click menu in the Log Activity tab?
What is the name of the data collection set used in QRadar that can be populated with IOCs or other external data?
When using the Dynamic Search window on the Admin tab, which two (2) data sources are available?
When examining time fields on Event Information, which one represents the time QRadar received the raw event?
Which two (2) aggregation types are available for the pie chart in the Pulse app?
What type of building blocks would you use to categorize assets and server types into CIDR/IP ranges to exclude or include entire asset categories in rule tests?
An analyst wishes to review an event which has a rules test against both event and flow data.
What kind of rule is this?
How long will an AQL statement remain in execution if time criteria, such as start, end, or last, are not specified?
Which of these statements regarding the deletion of a generated content report is true?
Select all that apply
What is the sequence to create and save a new search called "Offense Data" that shows all the CRE events that are associated with offenses?
What does the Next Run Time column display when a report is queued for generation in QRadar?
What feature in QRadar uses existing asset profile data so administrators can define unknown server types and assign them to a server definition in building blocks and in the network hierarchy?
On the Reports tab in QRadar, what does the message "Queued (position in the queue)" indicate when generating a report?
Which parameter should be used if a security analyst needs to filter events based on the time when they occurred on the endpoints?
Many offenses are generated and an analyst confirms that they match some kind of vulnerability scanning.
Which building block group needs to be updated to include the source IP of the vulnerability assessment (VA) scanner to reduce the number of offenses that are being generated?
Which type of rule requires a saved search that must be grouped around a common parameter?
Which two (2) options are at the top level when an analyst right-clicks on the Source IP or Destination IP that is associated with an offense at the Offense Summary?
A QRadar analyst would like to search for events that have fully matched rules which triggered offenses.
What parameter and value should the analyst add as a filter in the event search?