IBM C1000-018 Certification Practice Questions & Answers

Question 6 of 60

After working with an Offense, an analyst set the Offense as hidden. What does the analyst need to do to view the Offense at a later time?

A.

In the all Offenses view, at the top of the view, select “Show hidden” from the “Select an option” drop-down.

B.

Search for all Offenses owned by the analyst.

C.

Click Clear Filter next to the “Exclude Hidden Offenses”.

D.

In the all Offenses view, select Actions, then select show hidden Offenses.

Question 7 of 60

What is the reason for this system notification?

A.

Deny ntpdate communication on port 423.

B.

Deny ntpdate communication on port 223.

C.

Deny ntpdate communication on port 323.

D.

Deny ntpdate communication on port 123.

Question 8 of 60

When an analyst sees the system notification “The appliance exceeded the EPS or FPM allocation within the last hour”, how does the analyst resolve this issue? (Choose two.)

A.

Delete the volume of events and flows received in the last hour.

B.

Adjust the license pool allocations to increase the EPS and FPM capacity for the appliance.

C.

Tune the system to reduce the volume of events and flows that enter the event pipeline.

D.

Adjust the resource pool allocations to increase the EPS and FPM capacity for the appliance.

E.

Tune the system to reduce the time window from 60 minutes to 30 minutes.

Question 9 of 60

An analyst is encountering a large number of false positive results. Legitimate internal network traffic contains valid flows and events which are making it difficult to identify true security incidents.

What can the analyst do to reduce these false positive indicators?

A.

Create X-Force rules to detect false positive events.

B.

Create an anomaly rule to detect false positives and suppress the event.

C.

Filter the network traffic to receive only security related events.

D.

Modify rules and/or Building Block to suppress false positive activity.

Question 10 of 60

What is the maximum time period for 3 subsequent events to be coalesced?

A.

10 minutes

B.

10 seconds

C.

5 minutes

D.

60 seconds