Event Property Demarcation

Questions and Answers

What demarcation is added to a custom event property to let you know that this value is held in memory for a set amount of time?

C. Indexed

Which of these is a valid CIDR length value to use when configuring the network hierarchy in QRadar?

C. /16

Which QRadar app displays time series graphs for queries?

C. Pulse

A QRadar administrator creates a new saved search in QRadar. Which option does the administrator enable to show the data from the search on the Dashboard tab?

D. Include in My Dashboard

Reports can be organized into groups for efficient utilization. What report groups are available by default in QRadar?

A. Compliance, Executive, Log Sources, Network Management, Security, VoIP, Other

QRadar rules can utilize reference data to further correlate results. Which term is a valid reference data type?

C. Reference map

Study Notes

Custom Event Property

• A demarcation is added to a custom event property to indicate that its value is held in memory for a set amount of time.

CIDR Length Value

• A valid CIDR length value for configuring the network hierarchy in QRadar is not specified, but it typically ranges from 0 to 32.

QRadar App

• The QRadar app that displays time series graphs for queries is not specified, but it could be the QRadar Analytics or QRadar SIEM.

Saved Search

• To show the data from a search on the Dashboard tab, a QRadar administrator must enable the Widget option.

Report Groups

• Reports in QRadar can be organized into groups for efficient utilization, and the following groups are available by default: Incident Response, Compliance, and Security Monitoring.

QRadar Rules

• QRadar rules can utilize reference data to further correlate results, and a valid reference data type is IP Address.