IBM C1000-156 Exam - Topic 6 Question 39 Discussion

Actual exam question for IBM's C1000-156 exam

Question #: 39
Topic #: 6

[All C1000-156 Questions]

When will events or flows stop contributing to an offense?

AWhen the offense becomes dormant

BWhen the offense becomes inactive

CAfter the offense is assigned to an analyst

DWhen you protect the offense

Show Suggested Answer

Suggested Answer: A

In IBM QRadar SIEM V7.5, events or flows stop contributing to an offense when the offense becomes dormant. Here's how it works:

Dormant Offense: An offense becomes dormant when there is no new activity contributing to it for a specified period. This indicates that the threat or incident has not had any further related events or flows.

Contribution Stoppage: Once an offense is marked as dormant, no additional events or flows are added to it, which helps in managing the offense lifecycle and resources within QRadar.

This behavior helps in distinguishing between active and inactive threats, allowing security analysts to focus on ongoing incidents.

Reference The QRadar SIEM administration and user guides provide detailed explanations of offense management, including the conditions under which offenses become dormant and how this affects event and flow contributions.

by Jose at Mar 03, 2026, 02:38 PM

Limited Time Offer

25%

1 month ago

I think the answer might be A, but I'm not entirely sure what "dormant" really means in this context.

upvoted 0 times

...