Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IBM Exam C1000-162 Topic 1 Question 17 Discussion

Actual exam question for IBM's C1000-162 exam
Question #: 17
Topic #: 1
[All C1000-162 Questions]

After how much time will QRadar mark an Event offense dormant if no new events or flows occur?

Show Suggested Answer Hide Answer
Suggested Answer: B

QRadar will mark an Event offense as dormant if no new events or flows occur within 30 minutes. However, if QRadar did not process any events within 4 hours, this also triggers the offense to become dormant. Once dormant, the offense remains in this state for 5 days unless new events or flows are added.


by Honey at Jul 12, 2024, 10:14 AM

Limited Time Offer

25%

Off

Get Premium C1000-162 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Honey
10 months ago
I'm going with 24 hours. Anything less and QRadar would be marking events as dormant before I even finish my morning routine.
upvoted 0 times
Vi
9 months ago
Yeah, I agree. It gives enough time for new events to come in.
upvoted 0 times
...
Johnson
10 months ago
I think 24 hours is a safe bet.
upvoted 0 times
...
...
Suzan
10 months ago
Maybe it's 2 hours then, to strike a balance.
upvoted 0 times
...
Frederick
10 months ago
I agree with Chun, 24 hours seems excessive.
upvoted 0 times
...
Lashunda
10 months ago
C'mon, 30 minutes? That's barely enough time for me to grab a coffee. Gotta be 2 hours, at least.
upvoted 0 times
Marva
9 months ago
B) I think it's 24 hours. That seems like a long enough time for an offense to be marked as dormant.
upvoted 0 times
...
Pauline
9 months ago
A) Yeah, 30 minutes is way too short. 2 hours sounds more reasonable.
upvoted 0 times
...
Brandon
9 months ago
C) 24 hours
upvoted 0 times
...
Magnolia
9 months ago
A) 2 hours
upvoted 0 times
...
...
Chun
10 months ago
But wouldn't 24 hours be too long to wait?
upvoted 0 times
...
Suzan
10 months ago
I believe it's 30 minutes.
upvoted 0 times
...
Malcom
10 months ago
Haha, 5 minutes? That's way too short. QRadar needs at least a few hours to decide if an event is truly dormant.
upvoted 0 times
...
Yoko
11 months ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
Alesia
10 months ago
I'm not sure, but I think it's 24 hours as well. It seems like a reasonable timeframe.
upvoted 0 times
...
Teri
10 months ago
I believe it's 24 hours too. It gives enough time for any potential threats to be detected.
upvoted 0 times
...
Delpha
10 months ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
...
...
Chun
11 months ago
I think it's 24 hours.
upvoted 0 times
...

Save Cancel