IBM C1000-018 Exam Practice Questions (P. 4)
Question #16
An analyst is investigating an Offense and has found that a firewall appears to be misconfigured and has permitted traffic that should have been prevented from passing.
As part of the firewall rule change process, the analyst needs to send the offense details to the firewall team to demonstrate that the firewall permitted traffic that should have been blocked.
How would the analyst send the Offense summary to an email mailbox?
- A. Find the CRE Event in the Log Activity tab, open the event detail and select ‘Email linked Offense details’ from the ‘Action’ menu.
- B. Search for the events linked to the Offense in the Log Activity tab; Select all events and copy them using CTRL-C then paste into an email client.
- C. Open the Offense in the Offenses tab, select ‘Email’ from the ‘Action’ menu item and, optionally, add some extra information.
- D. Identify the Offense in the Offense list, right click on the Offense and select ‘Custom Action Script’; ‘Offense Mailer’
Correct Answer:
B
Question #17
Which statement about False Positive Building Blocks applies?
Using False Positive Building Blocks:
- A. helps to prevent unwanted alerts, but there is no effect on performance.
- B. helps to prevent unwanted alerts, and reduces the performance impact of testing rules that do not need to be tested.
- C. has no impact on unwanted alerts, but it does reduce the performance impact of testing rules that do not need to be tested.
- D. has no impact on unwanted alerts, or performance.
Correct Answer:
A
Question #18
An auditor has requested a report for all Offenses that have happened in the past month. This report generates at the end of every month but the auditor needs to have it for a meeting that is in the middle of the month.
What will happen to the scheduled report if the analyst manually generates this report?
- A. The scheduled report needs to be reconfigured.
- B. The analyst needs to delete the scheduled report and create a new one.
- C. The report will get duplicated so the analyst can then run one manually.
- D. The report still generates on the schedule initially configured.
Correct Answer:
B
Question #19
An analyst needs to investigate an Offense and navigates to the attached rule(s).
Where in the rule details would the analyst investigate the reason why the rule was triggered?
- A. Rule response limiter
- B. List of test conditions
- C. Rule actions
- D. Rule responses
Correct Answer:
A
Question #20
An analyst is performing an investigation regarding an Offense. The analyst is uncertain to whom some of the external destination IP addresses in the List of Events are registered.
How can the analyst verify to whom the IP addresses are registered?
- A. Right-click on the destination address, More Options, then Navigate, and then Destination Summary
- B. Right-click on the destination address, More Options, then IP Owner
- C. Right-click on the destination address, More Options, then Information, and then WHOIS Lookup
- D. Right-click on the destination address, More Options, then Information, and then DNS Lookup
Correct Answer:
A