Question 1
A Deployment Professional has detected a big spike in a customer’s “Malware infection detected” rule that monitors their endpoint anti-virus solution. The spike happened over the weekend, but when the rule was checked, it was not changed. Since Monday morning, the rule has spiked and has not yet stopped generating offenses.
What was added to the customer's QRadar log sources that caused this problem?
Guest network in their offices.
Correct answer: B
Explanation:
Rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response.
QRadar QFlow Collector passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.html
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_rules.html