Question 17 an administrator using ibm security


QUESTION 17
An Administrator using IBM Security QRadar SIEM V7.2.8 is using the following RegEx: ([-+]?\d*$)
What type of information is it designed to extract?
A. Integer
B. IP address
C. Port number
D. Domain name
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Sample regular expressions:
• email: (.+@[^\.].*\.[a-z]{2,}$)
• URL: (http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\S*)?$)
• Domain Name: (http[s]?://(.+?)["/?:])
• Floating Point Number: ([-+]?\d*\.?\d*$)
• Integer: ([-+]?\d*$)
• IP Address: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)
For example, to match a log that resembles: SEVERITY=43
Construct the following Regular Expression: SEVERITY=([-+]?\d*$)
Reference

QUESTION 18
An IBM Security QRadar SIEM V7.2.8 Administrator notices a specific MAC address added to the Asset Reconciliation Domain MAC was blacklisted. What scenario is causing this to occur?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Reference:

QUESTION 19
The event pipeline for processing event data before viewing and using event data on the IBM Security QRadar SIEM V7.2.8 console consists of many components. What is one component?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation
Reference

QUESTION 20
An Administrator has configured a customized log source extension to provide asset updates to IBM Security QRadar SIEM V7.2.8. Instead of QRadar receiving an update that has the host name of the asset that the user logged in to, the log source generates many asset updates that all have the same host name. In this situation, what will QRadar report?
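The sample expressions quoted in the Question 17 explanation, run against constructed log payloads in an added Python script (not part of the exam dump or of IBM's documentation). It shows what capture group 1 yields for each pattern and one caveat worth checking before saving a custom property: because \d* can match zero characters, SEVERITY=([-+]?\d*$) still matches a line whose value is missing and returns an empty capture, whereas a variant that requires at least one digit does not match at all. The SEVERITY payloads and the src=/url= line are constructed for this example.

```python
import re

# The sample patterns quoted in the Question 17 explanation.
PATTERNS = {
    "integer": r"([-+]?\d*$)",
    "float": r"([-+]?\d*\.?\d*$)",
    "ip": r"(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)",
    "domain": r'(http[s]?://(.+?)["/?:])',
}

# Constructed sample payloads (not taken from the page).
SAMPLES = [
    "SEVERITY=43",
    "SEVERITY=-7",
    "SEVERITY=",          # value missing: \d*$ still matches, capture is ""
    "SEVERITY=43 more",   # digits not at end of line: the $ anchor fails
    "src=10.0.0.5 url=https://example.test/login?x=1",
]


def extract(name, text):
    """Return capture group 1 of the named sample pattern, or None on no match.
    This mirrors a QRadar custom event property that uses capture group 1."""
    m = re.search(PATTERNS[name], text)
    return m.group(1) if m else None


def extract_severity(text):
    """The exact expression the explanation builds for SEVERITY=43."""
    m = re.search(r"SEVERITY=([-+]?\d*$)", text)
    return m.group(1) if m else None


def extract_severity_strict(text):
    """Tightened variant: require at least one digit, so a missing value is a
    non-match instead of an empty property value."""
    m = re.search(r"SEVERITY=([-+]?\d+)$", text)
    return m.group(1) if m else None


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", extract_severity(s), extract_severity_strict(s),
              extract("ip", s), extract("domain", s))
```

Note that the Domain Name pattern's outer group keeps the scheme and the terminating character; the bare host is its inner group 2, which is the group to select in QRadar if only the host is wanted.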
