IBM C1000-162 Exam - Topic 2 Question 25 Discussion

Actual exam question for IBM's C1000-162 exam

Question #: 25
Topic #: 2

What is an effective method to fix an event that is parsed an determined to be unknown or in the wrong QReader category/

ACreate a DSM extension to extract the category from the payload

BCreate a Custom Property to extract the proper Category from the payload

COpen the event details, select map event, and assign it to the correct category

DWrite a Custom Rule, and use Rule Response to send a new event in the proper category

Show Suggested Answer

Suggested Answer: B

The magnitude rating of an offense in QRadar is calculated based on relevance, severity, and credibility. Relevance determines the impact on the network, credibility indicates the integrity of the offense, and severity represents the level of threat. QRadar uses complex algorithms to calculate and periodically re-evaluate the offense magnitude rating.

by Jerrod at Sep 19, 2024, 02:40 AM

Limited Time Offer

25%

Off

Get Premium C1000-162 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Kris

4 months ago

Wait, can you really just map events like that? Sounds too easy!

upvoted 0 times

...

Eden

4 months ago

A DSM extension sounds like a solid approach too!

upvoted 0 times

...

Francisca

4 months ago

Not sure about D, seems overly complicated for this.

upvoted 0 times

...

Tijuana

5 months ago

Definitely agree with C, super straightforward!

upvoted 0 times

...

Cordelia

5 months ago

I think option C is the quickest fix.

upvoted 0 times

...

Jani

5 months ago

Option D seems like it could be a solid approach, especially if we need to automate the categorization. I just hope I remember how to write a Custom Rule correctly!

upvoted 0 times

...

Dorsey

5 months ago

I feel like option B could work too, but I can't recall if Custom Properties are always the best way to handle misclassified events.

upvoted 0 times

...

Barney

5 months ago

I remember we discussed DSM extensions before, so option A might be a good choice. But I’m not confident about the specifics of creating one.

upvoted 0 times

...

Teddy

6 months ago

I think option C sounds familiar, like we practiced mapping events in our last session. But I'm not entirely sure if that's the most effective method.

upvoted 0 times

...

Maile

6 months ago

Ah, I see what they're getting at here. Creating a custom property to extract the category from the payload seems like the most straightforward approach. I'll make sure I understand how to set that up properly.

upvoted 0 times

...

Winfred

6 months ago

I'm a bit confused by all the technical jargon in this question. Is there a simpler way to fix this issue? I might need to do some more research on event management before the exam.

upvoted 0 times

...

Annamaria

6 months ago

Option D looks promising - writing a custom rule to reclassify the event. That way I can automate the process instead of having to do it manually. I'll make sure to review the details on custom rules before the exam.

upvoted 0 times

...

Jutta

6 months ago

Hmm, I'm a bit unsure about this one. The options seem to involve some more advanced techniques like DSM extensions and custom rules. I'll need to think this through carefully.

upvoted 0 times

...

Elouise

6 months ago

This seems like a straightforward question about handling unknown or misclassified events. I think I'll go with option C - opening the event details and manually mapping it to the correct category.

upvoted 0 times

...

Tatum

10 months ago

I bet the developers who came up with these options were having a laugh. 'Let's see if they can figure out the sane one!'

upvoted 0 times

...

Dean

10 months ago

Hmm, I wonder if there's an 'E) Summon the QReader gods and offer them a sacrifice' option hidden somewhere.

upvoted 0 times

Eladia

9 months ago

D) Write a Custom Rule, and use Rule Response to send a new event in the proper category

upvoted 0 times

...

Ailene

9 months ago

C) Open the event details, select map event, and assign it to the correct category

upvoted 0 times

...

Audry

9 months ago

B) Create a Custom Property to extract the proper Category from the payload

upvoted 0 times

...

Elke

9 months ago

A) Create a DSM extension to extract the category from the payload

upvoted 0 times

...

Yolando

11 months ago

Option A? Really? Creating a whole DSM extension for this? That's like using a sledgehammer to crack a nut.

upvoted 0 times

Daren

10 months ago

D) Write a Custom Rule, and use Rule Response to send a new event in the proper category

upvoted 0 times

...

Felice

10 months ago

C) Open the event details, select map event, and assign it to the correct category

upvoted 0 times

...

Rochell

10 months ago

B) Create a Custom Property to extract the proper Category from the payload

upvoted 0 times

...

Kandis

11 months ago

Option B could work, but creating a custom property just to extract the category seems like overkill. I'd rather use a more direct approach.

upvoted 0 times

Jade

10 months ago

D) Write a Custom Rule, and use Rule Response to send a new event in the proper category

upvoted 0 times

...

Lindsey

10 months ago

C) Open the event details, select map event, and assign it to the correct category

upvoted 0 times

...

Dylan

11 months ago

A) Create a DSM extension to extract the category from the payload

upvoted 0 times

...

Latricia

11 months ago

I'd go with Option D. Writing a custom rule to handle the issue and generate a new event in the proper category seems more flexible and scalable.

upvoted 0 times

Julio

11 months ago

I prefer creating a Custom Property to extract the proper Category.

upvoted 0 times

...

Stephaine

11 months ago

Creating a DSM extension could work too.

upvoted 0 times

...

Marci

11 months ago

I agree, writing a custom rule seems like the most effective solution.

upvoted 0 times

...

Danica

11 months ago

I think Option D is the best choice.

upvoted 0 times

...

Lavina

12 months ago

Option C looks like the most straightforward solution. Modifying the event mapping seems like the easiest way to reassign the category.

upvoted 0 times

Jolene

11 months ago

I think creating a Custom Property could also work well to extract the correct category.

upvoted 0 times

...

Lawanda

11 months ago

I agree, option C seems like the most efficient way to fix the event category.

upvoted 0 times

...

Shanice

12 months ago

I believe writing a Custom Rule and using Rule Response is the most effective way.

upvoted 0 times

...

Lavonne

12 months ago

I prefer creating a Custom Property to extract the proper Category.

upvoted 0 times

...

Elsa

12 months ago

I think creating a DSM extension is the best method.

upvoted 0 times

...