
IBM C1000-162 Exam - Topic 1 Question 17 Discussion

Actual exam question for IBM's C1000-162 exam
Question #: 17
Topic #: 1

After how much time will QRadar mark an Event offense dormant if no new events or flows occur?

Suggested Answer: B

QRadar will mark an Event offense as dormant if no new events or flows occur within 30 minutes. However, if QRadar did not process any events within 4 hours, this also triggers the offense to become dormant. Once dormant, the offense remains in this state for 5 days unless new events or flows are added.


William
3 months ago
Definitely not 5 minutes, that's way too short.
upvoted 0 times
...
Brent
3 months ago
Wait, really? 24 hours seems too long!
upvoted 0 times
...
Ernest
3 months ago
I thought it was 30 minutes, not 2 hours.
upvoted 0 times
...
Annice
4 months ago
Totally agree, I've seen it happen!
upvoted 0 times
...
Raul
4 months ago
It's 2 hours for dormant offenses.
upvoted 0 times
...
Alise
4 months ago
I thought it was 5 minutes, but that seems too short for an event to be marked dormant.
upvoted 0 times
...
Dottie
4 months ago
I’m torn between 24 hours and 2 hours; I know it’s one of those two, but I can’t recall which.
upvoted 0 times
...
Sabra
4 months ago
I remember practicing a question about event dormancy, and I feel like it was 30 minutes.
upvoted 0 times
...
Timothy
5 months ago
I think QRadar marks an event dormant after 2 hours, but I’m not completely sure.
upvoted 0 times
...
Renea
5 months ago
5 minutes? That seems way too fast for an event to be marked dormant. I'm going to rule that one out and go with the longer time period of 2 hours.
upvoted 0 times
...
Timothy
5 months ago
Hmm, I'm not totally confident on this one. I think it might be 30 minutes, but I'm not 100% certain.
upvoted 0 times
...
Pearlene
5 months ago
I'm pretty sure it's 2 hours, but I'll double-check the QRadar documentation just to be sure.
upvoted 0 times
...
Micaela
5 months ago
Okay, let me think this through. I know QRadar has a dormancy period for events, so I'm guessing it's either 2 hours or 24 hours. I'll eliminate the other options and go with C.
upvoted 0 times
...
Reita
5 months ago
I'm leaning towards C as well. An audit trail just seems like the most practical and valuable reason to log all incidents, rather than just filling out fields or creating a personal database.
upvoted 0 times
...
Yoko
5 months ago
I'm pretty confident the answer is C. The code increments aVar by 1 before printing the message, so with aVar = 9, the output should be 10 Hello World!
upvoted 0 times
...
Honey
2 years ago
I'm going with 24 hours. Anything less and QRadar would be marking events as dormant before I even finish my morning routine.
upvoted 0 times
Vi
2 years ago
Yeah, I agree. It gives enough time for new events to come in.
upvoted 0 times
...
Johnson
2 years ago
I think 24 hours is a safe bet.
upvoted 0 times
...
...
Suzan
2 years ago
Maybe it's 2 hours then, to strike a balance.
upvoted 0 times
...
Frederick
2 years ago
I agree with Chun, 24 hours seems excessive.
upvoted 0 times
...
Lashunda
2 years ago
C'mon, 30 minutes? That's barely enough time for me to grab a coffee. Gotta be 2 hours, at least.
upvoted 0 times
Marva
1 year ago
B) I think it's 24 hours. That seems like a long enough time for an offense to be marked as dormant.
upvoted 0 times
...
Pauline
1 year ago
A) Yeah, 30 minutes is way too short. 2 hours sounds more reasonable.
upvoted 0 times
...
Brandon
1 year ago
C) 24 hours
upvoted 0 times
...
Magnolia
2 years ago
A) 2 hours
upvoted 0 times
...
...
Chun
2 years ago
But wouldn't 24 hours be too long to wait?
upvoted 0 times
...
Suzan
2 years ago
I believe it's 30 minutes.
upvoted 0 times
...
Malcom
2 years ago
Haha, 5 minutes? That's way too short. QRadar needs at least a few hours to decide if an event is truly dormant.
upvoted 0 times
...
Yoko
2 years ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
Alesia
2 years ago
I'm not sure, but I think it's 24 hours as well. It seems like a reasonable timeframe.
upvoted 0 times
...
Teri
2 years ago
I believe it's 24 hours too. It gives enough time for any potential threats to be detected.
upvoted 0 times
...
Delpha
2 years ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
...
...
Chun
2 years ago
I think it's 24 hours.
upvoted 0 times
...
