This entry-level certification is intended for security analysts who wish to validate their comprehensive knowledge of IBM Security QRadar SIEM V7.3.2.
These security analysts will understand basic networking, basic Security, and SIEM and QRadar concepts.
They will also understand how to log in to, navigate within, and explain the capabilities of the product using the graphical user interface.
Additionally, they will be able to identify the causes of offenses, and access, interpret, and report security data in a QRadar deployment.
Note: The function of specific apps, other than the 2 bundled with the product, is out of scope, but the concept of extending the functionality using apps is in scope.
Basic knowledge of:
IT Security concepts
General IT skills (browser navigation etc.)
Internet security attack types
Additional features that require additional licenses, including but not limited to QRadar Vulnerability Manager, QRadar Risk Manager, QRadar Flows, Incident Forensics
Exam C1000-018: IBM QRadar SIEM V7.3.2 Fundamental Analysis
The test:
contains questions requiring single and multiple answers. For multiple-answer questions, you need to choose all required options to get the answer correct. You will be advised how many options make up the correct answer.
is designed to provide diagnostic feedback on the Examination Score Report, correlating back to the test objectives, informing the test taker how he or she did on each section of the test. As a result, to maintain the integrity of each test, questions and answers are not distributed.
Please note this exam has been withdrawn and will be replaced by the exam C1000-139.
The test contains five sections containing a total of approximately 60 multiple-choice questions. The percentages after each section title reflect the approximate distribution of the total question set across the sections.
Number of questions: 60
Number of inquiries to pass: 38
Time allowed: 90 minutes
Section 1: Monitor outputs of configured use cases. 15%
Perform dashboard customization.
Review outputs in all available QRadar Tabs (Dashboards, Log Activity, Network Activity, Assets, etc.).
Navigate to, from and within an offense.
Distinguish offenses from triggered rules.
Review security access trends and anomalies.
Review security risks and network vulnerabilities detected by QRadar.
Describe the different types of rules, such as behavioral, event, flow, common, offense, anomaly and threshold rules.
Section 2: Perform initial investigation of alerts and offenses created by QRadar. 35%
Describe the use of the magnitude of an offense.
Describe the QRadar community hierarchy.
Explain Offense details on the offense details view, and why/how it was created.
Identify contributing event and/or flow data for an offense.
Show the offense lifecycle (e.g., Open, Closed, Assigned, Hidden, Protected).
Illustrate the right-click function (i.e., event filtering, plugins, information, navigate, other).
Break down triggered rules to identify the cause of the offense.
Distinguish potential threats from probable false positives.
Review the vulnerabilities and risk assessment of the hosts that are involved in the offense.
Describe the roles of security devices, such as firewall, IDS/IPS, Proxy, Authentication devices, and Antivirus software, supported by QRadar.
Perform offense management, such as assigning an offense to a user, closing, protecting or hiding an offense, adding notes, sending email or marking the offense for follow-up.
Demonstrate how to export Flow/Event data for external analysis.
Summarize the characteristics of the Standard Custom Properties, User-defined Custom Properties and Normalized properties.
Outline Offense Closing Procedures.
Section 3: Identify and escalate undesired rule behavior to the administrator. 20%
Report potential false positives.
Report rule usage and offenses generated by those rules.
Report any unusual security access trends and events to security admins.
Report threats, risks, or vulnerabilities to network/security admins, based on severity.
Outline simple Offense naming mechanisms.
Interpret rules that test for regular expressions.
Explain relevant tests and the test order of the rules.
Illustrate the difference between rule responses and rule actions (e.g. limiter).
Recognize the “special” Building Blocks: Host Definition, Cat Definition, Port Definition.
Describe the use of the log sources, flow sources, vulnerability scanners, and reference data.
Identify why rules are not being triggered as expected (e.g., dropped from CRE, or local vs global, stateful counters).
Section 4: Extract data for regular or ad hoc distribution to consumers of outputs. 17%
Perform searches the use of filters.
Perform Quick (Lucene) searches.
Perform Advanced (AQL) searches.
Explain the different uses for each search type (i.e., filtered, Quick and Advanced).
Interpret a time series graph in a dashboard.
Select appropriate standard Reports for a situation.
Create and generate scheduled and manual reports.
Share findings about offenses by distributing offense details via email.
Discuss the contents of an event or flow, including the normalized fields.
Section 5: Identify and escalate issues relating to QRadar health and functionality. 13%
Explain QRadar architecture by summarizing QRadar components (i.e., Console, Event Processor, Event Collector, Flow Processor, Data Nodes and Flow Collector, App host).
Interpret common system notifications.
Illustrate the impact of QRadar indexes.
Distinguish when an event has coalesced data in it.
Illustrate events that are not correctly parsed.
Explain QRadar timestamps (e.g., Log Source Time, Storage time, Start time).
Report any agents or log sources that are not reporting to QRadar on a regular basis.