Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IBM Exam C1000-162 Topic 1 Question 17 Discussion

Actual exam question for IBM's C1000-162 exam
Question #: 17
Topic #: 1
[All C1000-162 Questions]

After how much time will QRadar mark an Event offense dormant if no new events or flows occur?

Show Suggested Answer Hide Answer
Suggested Answer: B

QRadar will mark an Event offense as dormant if no new events or flows occur within 30 minutes. However, if QRadar did not process any events within 4 hours, this also triggers the offense to become dormant. Once dormant, the offense remains in this state for 5 days unless new events or flows are added.


Contribute your Thoughts:

Honey
4 months ago
I'm going with 24 hours. Anything less and QRadar would be marking events as dormant before I even finish my morning routine.
upvoted 0 times
Vi
3 months ago
Yeah, I agree. It gives enough time for new events to come in.
upvoted 0 times
...
Johnson
4 months ago
I think 24 hours is a safe bet.
upvoted 0 times
...
...
Suzan
4 months ago
Maybe it's 2 hours then, to strike a balance.
upvoted 0 times
...
Frederick
4 months ago
I agree with Chun, 24 hours seems excessive.
upvoted 0 times
...
Lashunda
4 months ago
C'mon, 30 minutes? That's barely enough time for me to grab a coffee. Gotta be 2 hours, at least.
upvoted 0 times
Marva
3 months ago
B) I think it's 24 hours. That seems like a long enough time for an offense to be marked as dormant.
upvoted 0 times
...
Pauline
3 months ago
A) Yeah, 30 minutes is way too short. 2 hours sounds more reasonable.
upvoted 0 times
...
Brandon
3 months ago
C) 24 hours
upvoted 0 times
...
Magnolia
4 months ago
A) 2 hours
upvoted 0 times
...
...
Chun
4 months ago
But wouldn't 24 hours be too long to wait?
upvoted 0 times
...
Suzan
5 months ago
I believe it's 30 minutes.
upvoted 0 times
...
Malcom
5 months ago
Haha, 5 minutes? That's way too short. QRadar needs at least a few hours to decide if an event is truly dormant.
upvoted 0 times
...
Yoko
5 months ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
Alesia
4 months ago
I'm not sure, but I think it's 24 hours as well. It seems like a reasonable timeframe.
upvoted 0 times
...
Teri
4 months ago
I believe it's 24 hours too. It gives enough time for any potential threats to be detected.
upvoted 0 times
...
Delpha
4 months ago
I think it's 24 hours. That's the standard dormancy period for most security tools.
upvoted 0 times
...
...
Chun
5 months ago
I think it's 24 hours.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77