Questions for the C1000-162 were updated on: Dec 01, 2025
Page 1 out of 5. Viewing questions 1-15 out of 64
Question 1
What is the effect of toggling the Global/Local option to Global in a Custom Rule?
A. It allows a rule to compare events & flows in real time.
B. It allows a rule to analyze the geographic location of the event source.
C. It allows rules to be tracked by the central processor for detection by any Event Processor.
D. It allows a rule to inject new events back into the pipeline to affect and update other incoming events.
Answer:
D
Question 2
A Security Analyst has noticed that an offense has been marked inactive. How long had the offense been open since it had last been updated with new events or flows?
A. 1 day + 30 minutes
B. 5 days + 30 minutes
C. 10 days + 30 minutes
D. 30 days + 30 minutes
Answer:
B
Question 3
Which two high level Event Categories are used by QRadar? (Choose two.)
A. Policy
B. Direction
C. Localization
D. Justification
E. Authentication
Answer:
A, E
Question 4
What can be considered a log source type?
A. ICMP
B. SNMP
C. Juniper IOP
D. Microsoft SMBtail
Answer:
C
Question 5
Which type of rule requires a saved search that must be grouped around a common parameter?
A. Flow Rule
B. Event Rule
C. Common Rule
D. Anomaly Rule
Answer:
B
Question 6
What is an effective method to fix an event that is parsed and determined to be unknown or in the wrong QRadar category?
A. Create a DSM extension to extract the category from the payload
B. Create a Custom Property to extract the proper Category from the payload
C. Open the event details, select map event, and assign it to the correct category
D. Write a Custom Rule, and use Rule Response to send a new event in the proper category
Answer:
B
Question 7
A Security Analyst was asked to search for an offense on a specific day. The requester was not sure of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username. Which filters can the Security Analyst use to search for the information requested?
A. Offense ID, Source IP, Username
B. Magnitude, Source IP, Destination IP
C. Description, Destination IP, Host Name
D. Specific Interval, Username, Destination IP
Answer:
D
Question 8
Which browser is officially supported for QRadar?
A. Safari version 9.0-3
B. Chromium version 33
C. 32-bit Internet Explorer 9
D. Firefox version 38.0 ESR
Answer:
C
Question 9
Which flow fields should be used to determine how long a session has been active on a network?
A. Start time and end time
B. Start time and storage time
C. Start time and last packet time
D. Last packet time and storage time
Answer:
C
Question 10
How does a Device Support Module (DSM) function?
A. A DSM is a configuration file that combines received events from multiple log sources and displays them as offenses in QRadar.
B. A DSM is a background service running on the QRadar appliance that reaches out to devices deployed in a network for configuration data.
C. A DSM is a configuration file that parses received events from multiple log sources and converts them to a standard taxonomy format that can be displayed as outputs.
D. A DSM is an installed appliance that parses received events from multiple log sources and converts them to a standard taxonomy format that can be displayed as outputs.
Answer:
D
Question 11
Which kind of information do log sources provide?
A. User login actions
B. Operating system updates
C. Flows generated by users
D. Router configuration exports.
Answer:
A
Question 12
A mapping of a username to a user’s manager can be stored in a Reference Table and output in a search or a report. Which mechanism could be used to do this?
A. Quick Search filters can select users based on their manager’s name.
B. Reference Table lookup values can be accessed in an advanced search.
C. Reference Table lookup values can be accessed as custom event properties.
D. Reference Table lookup values are automatically used whenever a saved search is run.
Answer:
B
Question 13
Which log source and protocol combination delivers events to QRadar in real time?
A. Sophos Enterprise console via JDBC
B. McAfee ePolicy Orchestrator via JDBC
C. McAfee ePolicy Orchestrator via SNMP
D. Solaris Basic Security Mode (BSM) via Log File Protocol
Answer:
C
Question 14
Which QRadar component provides the user interface that delivers real-time flow views?