Pass4sure PDF for C2150-624 with mock questions and pass marks. - Killexams

Real Exam Questions/Answers of C2150-624

Killexams Updated C2150-624


C2150-624 - IBM Security QRadar SIEM V7.2.8 Fundamental Administration - BrainDump Information

Vendor Name : IBM
Exam Code : C2150-624
Exam Name : IBM Security QRadar SIEM V7.2.8 Fundamental Administration
Questions and Answers : 60 Q & A
Updated On : June 19, 2018
PDF Download Mirror : C2150-624 Brain Dump
Get Full Version : Killexams C2150-624 Full Version


Pass4sure C2150-624 IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam braindumps with real questions and practice software.


We have our experts working continuously on the collection of real exam questions for C2150-624. All the pass4sure questions and answers for C2150-624 collected by our team are reviewed and updated by our C2150-624 certified team. We remain in contact with candidates who have taken the C2150-624 test to get their reviews of it: we collect C2150-624 exam tips and tricks, their experience with the techniques used in the real C2150-624 exam and the mistakes they made in the real test, and then improve our material accordingly. Once you go through our pass4sure questions and answers, you will feel confident about all the topics of the test and feel that your knowledge has greatly improved. These pass4sure questions and answers are not just practice questions; they are real exam questions and answers that are enough to pass the C2150-624 exam at the first attempt.

IBM certifications are in high demand across IT organizations. HR managers prefer candidates who not only have an understanding of the topic, but have also completed certification exams in the subject. All the IBM certifications provided on Pass4sure are accepted worldwide.

Are you looking for pass4sure real exam questions and answers for the IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam? We are here to provide you with one of the most up-to-date and highest-quality sources: killexams.com. They have compiled a database of questions from actual exams to let you prepare for and pass the C2150-624 exam on the first attempt. All training materials on the killexams.com site are up to date and verified by industry experts.

Why killexams.com is the Ultimate choice for certification preparation?

1. A Quality Product That Helps You Prepare for Your Exam:

killexams.com is the ultimate preparation source for passing the IBM C2150-624 exam. We have carefully compiled and assembled real exam questions and answers, which are updated with the same frequency as the real exam is updated, and reviewed by industry experts. Our IBM certified experts from multiple organizations are talented and qualified / certified individuals who have reviewed each question, answer and explanation section in order to help you understand the concept and pass the IBM exam. The best way to prepare for the C2150-624 exam is not reading a text book, but practicing real questions and understanding the correct answers. Practice questions prepare you not only for the concepts, but also for the way in which questions and answer options are presented during the real exam.

2. User Friendly Mobile Device Access:

killexams.com provides extremely user-friendly access to its products. The focus of the website is to provide accurate, updated and to-the-point material to help you study for and pass the IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam. You can quickly get the real questions and answers database. The site is mobile friendly to allow study anywhere, as long as you have an internet connection. You can simply load the PDF on your mobile device and study anywhere.

3. Access the Most Recent IBM Security QRadar SIEM V7.2.8 Fundamental Administration Real Questions & Answers:

Our exam databases are regularly updated throughout the year to include the latest real questions and answers from the IBM C2150-624 exam. With accurate, authentic and current real exam questions, you will pass your exam on the first try!

4. Our Materials Are Verified by killexams.com Industry Experts:

We strive to provide you with accurate IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam questions and answers, along with explanations. We value your time and money, which is why every question and answer on Pass4sure has been verified by IBM certified experts. They are highly qualified and certified individuals who have many years of professional experience related to the IBM exams.

5. We Provide all killexams.com Exam Questions and Include Detailed Answers with Explanations:

Killexams.com huge discount coupons and promo codes are as follows:
WC2017 : 60% Discount Coupon for all exams on website
PROF17 : 10% Discount Coupon for Orders greater than $69
DEAL17 : 15% Discount Coupon for Orders greater than $99
DECSPECIAL : 10% Special Discount Coupon for All Orders


Unlike many other exam prep websites, killexams.com provides not only updated actual IBM C2150-624 exam questions, but also detailed answers, explanations and diagrams. This is important to help the candidate not only understand the correct answer, but also details about the options that were incorrect.





Customer Reviews about C2150-624


C2150-624 - IBM Security QRadar SIEM V7.2.8 Fundamental Administration - Reviews

Our customers are always happy to give their reviews about the exams. Most of them are our permanent users. They do not rely on others except our team and they get exam confidence by using our questions and answers and exam simulator.

These C2150-624 Questions and Answers provide good exam knowledge.

That is genuinely the fulfillment of killexams, not mine. Very user-friendly C2150-624 exam simulator and real C2150-624 QAs.

I've placed a terrific source of contemporary C2150-624 material.

Clearing C2150-624 tests was for all intents and purposes unrealistic for the benefit of me. The test points were truly intense for me to know. However they illuminated my drawback. I illuminated the 90 inquiries out of 100 Questions effectively. By basically relating the study guide in brain dump, I used to be prepared to see the themes well. Also the great exam simulator like killexams.com C2150-624 With achievement cleared this test. I offer gratitude to killexams.com for serving the incredible administrations. Much appreciated.

Real exam questions of the C2150-624 exam are awesome!

Killexams is a dream come real! This mind unload has helped me skip the C2150-624 examination and now I'm capable of follow for higher jobs, and I am in a position to select a better enterprise. This is something I couldn't even dream of some years in the past. This examination and certification could be very targeted on C2150-624, however I located that different employers can be interested in you, too. Just the reality which you exceeded C2150-624 examination suggests them that you are an excellent candidate. Killexams C2150-624 guidance package has helped me get most of the questions right. All topics and regions were blanketed, so I did not have any principal issues while taking the examination. Some C2150-624 product questions are intricate and a bit deceptive, but Killexams has helped me get maximum of them right.

Labored difficult on C2150-624 books, however the entirety became in the Q&A.

Passed the C2150-624 exam with 99% marks. Splendid! Considering best 15 days education time. All credit rating is going to the query & solution by way of killexams. Its high-quality fabric made schooling so clean that I may additionally need to even understand the tough subjects cozy. Thank you lots, killexams.com for imparting us such a clean and powerful take a look at guide. Wish your team maintain on developing more of such publications for other IT certification exams.

No time to test books! Need a few issue fast getting ready.

I cleared C2150-624 exam with excessive marks. On every occasion I had registered with killexams.com which helped me to achieve greater marks. It's notable to have help of killexams.com query financial institution for such sort of tests. Thanks to all.

Surprised to look C2150-624 dumps and study manual!

I am going to offer the C2150-624 assessments now, ultimately I felt the self assurance because of C2150-624 Preparation. If I checked out my past on every occasion I willing to offer the tests were given fearful, I realize its funny but now I am amazed why I felt no confidence on my, cause is lack of C2150-624 Preparation, Now I am completely prepared can passed my assessments effortlessly, so if all of us of you felt low confidence just get registered with the killexams.com and begin training, subsequently you felt self assurance.

Determined most C2150-624 Questions in actual test questions that I organized.

Killexams.com helped me to score 96 percent in C2150-624 certification consequently I have entire religion on the goods of killexams. My first advent with this website grow to be 12 months ago thru actually considered one of my buddy. I had made amusing of him for the usage of C2150-624 exam engine however he guess with me approximately his maximum grades. It became proper due to the fact he had scored ninety one percentage I only scored 40 percentage. I'm glad that my pal gained the wager due to the reality now I have entire accept as true with on this website and may come yet again for repeated instances.

I were given C2150-624 licensed in 2 days practise.

All in all, Killexams was a good way for me to prepare for this exam. I passed, but was a little disappointed that now all questions on the exam were 100% the same as what Killexams gave me. Over 70% were the same and the rest was very similar - I'm not sure if this is a good thing. I managed to pass, so I think this counts as a good result. But keep in mind that even with Killexams you still need to learn and use your brain.

Wherein can I get help to put together and pass C2150-624 exam?

The killexams.com dumps offer the examine material with the right capabilities. Their Dumps are making gaining knowledge of easy and quick to put together. The supplied fabric is incredibly customized with out turning into overwhelming or burdensome. The ILT ebook is used together with their fabric and observed its effectiveness. I propose this to my peers on the office and to everyone looking for the first-rate solution for the C2150-624 exam. thanks.

Is there any way to pass C2150-624 exam at first attempt?

I am saying from my experience that if you solve the question papers one by one then you will definitely crack the exam. killexams.com has very effective study material. Such a very useful and helpful website. Thanks Team killexams.



Sample Real Exam Questions/Answers


C2150-624 Demo and Sample

Note: Answers are below each question.
Samples are taken from full version.


QUESTION: 1

An IBM Security QRadar SIEM V7.2.8 Administrator is assigned to a company that is looking to add QRadar to their current network. The company has requirements for 250,000 FPM, 15,000 EPS and FIPS. Which QRadar appliance solution will support this requirement?


A. QRadar 3128-C with Basic License

B. QRadar 2100-C with Basic License

C. QRadar 3128-C with Upgraded License

D. QRadar 2100-C with Upgraded License


Answer: C


Explanation:

The upgraded license of the QRadar 3128-C provides 300k FPM and 15,000 EPS, and the appliance supports FIPS. Therefore the QRadar 3128-C with upgraded license is the best choice for the company.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_3128_allone.html


QUESTION: 2

An IBM Security QRadar SIEM V7.2.8 Administrator needs to check if the “hostcontext” process is running. How can the Administrator do this?


A. hostcontext status

B. status hostcontext service

C. service hostcontext status

D. /etc/qradar/hostcontext status


Answer: C


Reference: http://qradar360.blogspot.com/p/guides-material.html


QUESTION: 3

What is the difference between Flow and Event data collected by IBM Security QRadar SIEM V7.2.8?

A. Events are streamed each minute to the Event Processor. Flows are streamed immediately to the Flow Processor.

B. Flow data is collected from different log sources. Event data is collected from internal or external network sources.

C. An Event occurs at a specific time and is logged at that time. A Flow is a record of network activity that can last for seconds, minutes, hours, or days.

D. An Event can span time lasting seconds, minutes, hours depending on the duration of a network session. A Flow happens at a single point in time and then is complete.


Answer: C E


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html


QUESTION: 4

After downloading the <QRadar_patchupdate>.sfs file from Fix Central, what is the next step to upgrade IBM Security QRadar SIEM V7.2.8?


A. Log in to the console as the Admin user -> Admin tab -> Advanced Menu -> Clean SIM Model.

B. Log in to the console as the Admin user -> Admin tab -> Advanced Menu -> Upgrade option.

C. Use SSH to log in to the system as the root user -> Run the patch installer with the following command: /media/updates/upgrade_qradar.

D. Use SSH to log in to the system as the root user -> Copy the patch file to the /tmp directory or to another location that has sufficient disk space.


Answer: D


Explanation:

1. Download the fix pack to install QRadar 7.2.8 Patch 1 from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADARQRSIEM-20161118202122&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc

2. Using SSH, log in to your system as the root user.

3. Copy the fix pack to the /tmp directory on the QRadar Console. Note: If space in the /tmp directory is limited, copy the fix pack to another location that has sufficient space.

4. To create the /media/updates directory, type the following command: mkdir -p /media/updates


Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27049111


QUESTION: 5

During the IBM Security QRadar SIEM V7.2.8 installation, which two default user roles are defined? (Choose two.)


A. All

B. Any

C. Admin

D. SuperUser

E. SuperAdmin


Answer: A, C


Explanation:

Two default user roles are listed in the left pane of the window: Admin and All. You can select a role in the left pane to view the associated role permissions in the right pane.


Reference: http://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_AdminGuide.pdf


QUESTION: 6

Which AQL query, when run from IBM Security QRadar SIEM V7.2.8, will show EPS broken down by domains?


A. select DOMAINNAME (domainid) as LogSource, sum(eventcount) / ((max(endTime) - min(startTime)) /1000 ) as EPS from events group by domainid order by EPS desc last 24 hours

B. select DOMAINNAME (domainqid) as LogSource, sum(eventcount) / ((max(endTime) - min(startTime)) /1000 ) as EPS from events group by domainqid order by FPM desc last 24 hours

C. select DOMAINNAME (domainid) as LogSource, sum(events) / ((max(endTime) - min(startTime)) / 1000 ) as EPS from events group by domainid order by FPM desc last 24 hours

D. select DOMAINNAME (domainid) as LogSource, sum(events) / ((max(endTime) - min(startTime)) / 1000 ) as EPS from events group by domainid order by EPS desc last 24 hours


Answer: A


Explanation:

You would use single quotes to define this search string. I believe I had an example in the presentation yesterday that I need to fix, where I accidentally used double quotes, which is incorrect. The AQL search below uses quotes correctly:

select logsourcename(logsourceid) as LogSource, sum(eventcount) / ( ( max(endTime) - min(startTime) ) / 1000 ) as EPS from events WHERE logsourcename(logsourceid) = 'Windows Auth @ 10.10.10.10' group by logsourceid order by EPS desc last 5 MINUTES

Or to snag multiple log sources, for example Windows events, you could use the following:

select logsourcename(logsourceid) as LogSource, sum(eventcount) / ( ( max(endTime) - min(startTime) ) / 1000 ) as EPS from events WHERE logsourcename(logsourceid) ILIKE '%Windows%' group by logsourceid order by EPS desc last 5 MINUTES


Reference: https://www.ibm.com/developerworks/community/forums/html/topic?id=dea8ff96-1372-4242-be14-473b6e4be798


QUESTION: 7

How can an IBM Security QRadar SIEM V7.2.8 Administrator capture specific data to a reference set when QRadar receives the data from events or flow data?


A. Create or modify a report so the required data is exported to a Reference Set.

B. On the Admin tab, create or modify the reference set to capture the required data.

C. On the Admin tab, define a Custom Action to add the required data to a Reference Set.

D. Create or modify a rule so the Rule Response will add the required data to a Reference Set.


Answer: B


Explanation:

Click on the Admin tab and select System Configuration. The Reference Set Management option will be shown. Click New and configure the parameters.


Reference: http://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_AdminGuide.pdf


QUESTION: 8

An Administrator will add a secondary host to an IBM Security QRadar SIEM V7.2.8 Console in a High Availability (HA) deployment scenario. After checking the compatibility between the primary and secondary HA pair, what other prerequisite should the Administrator check within Managed Interfaces?


A. The shared external storage.

B. The server certificate that is issued by the local CA.

C. The existence of an additional distributed file system.

D. The communication for Distributed Replicated Block Device.


Answer: D


Explanation:

TCP port 7789 must be open and allow communication between the primary and secondary for Distributed Replicated Block Device (DRBD) traffic.

DRBD traffic is responsible for disk replication and is bidirectional between the primary and secondary host.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_appliance_require.html


QUESTION: 9

What is a precaution an Administrator should take before beginning an upgrade of IBM Security QRadar SIEM V7.2.8?


A. Close all open offenses.

B. Purge old data and events.

C. Check and close all open messages.

D. Confirm that a backup of the data is complete.


Answer: D


Explanation:

The first precaution listed in the IBM document states that the administrator should back up data before preparing for a software upgrade. A backup of the current settings is important because if anything goes wrong during the upgrade, you can always revert to the original settings.


Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27048793


QUESTION: 10

An IBM Security QRadar SIEM V7.2.8 Administrator will install a High Availability (HA) pair of appliances. The primary and secondary hosts are formatted with the same file system. To ensure compatibility between hosts, which statement is considered a prerequisite?


A. The size of the /home partition on the secondary must be larger than the /home partition of the primary.

B. The size of the /var/opt/ha on the secondary must be larger than the /var/opt/ha partition of the primary.

C. The size of the /store partition on the secondary must be lesser than the /store partition of the primary.

D. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.


Answer: D


Explanation:

Store partition requirements: The file system of the /store partition must match between your primary and secondary host. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.

For example, do not pair a primary host that uses a 3 TB /store partition to a secondary host that has a 2 TB /store partition.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_appliance_require.html


QUESTION: 11

An IBM Security QRadar SIEM V7.2.8 Administrator needs to download a nightly configuration backup file from a past day through the Web Console. Which steps must be followed to achieve this?


A. Admin Tab -> System Configuration -> Backup and Recovery -> Generate new backup -> Save

B. Admin Tab -> System Configuration -> Backup and Recovery -> Choose the name of an Existing backup

C. Admin Tab -> System Configuration -> Backup and Recovery -> Import New Backup -> Select file extension -> Save

D. Admin Tab -> System Configuration -> System Settings -> Database Settings -> Choose the name of an Existing backup


Answer: B


Explanation:

The backups are listed in the Backup and Recovery section of System Configuration on the Admin tab. You can click on an existing backup and it will show you the options to download it.


Reference: http://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf


QUESTION: 12

An Administrator is tasked with installing additional log sources into an IBM Security QRadar SIEM V7.2.8 deployment, bringing the total number of log sources to 900. The deployment is using the default license and the Administrator is getting an error when attempting to add these additional log sources. Why is this error happening?


A. The default license only allows 250 log sources.

B. The default license only allows 500 log sources.

C. The default license only allows 750 log sources.

D. The default license only allows 800 log sources.


Answer: C


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/shc_act_lic_keys.html


QUESTION: 13

An IBM Security QRadar SIEM V7.2.8 Administrator notices that a specific MAC address added to the Asset Reconciliation Domain MAC was blacklisted. What scenario is causing this to occur?


A. When a MAC address is associated to three or more different IP addresses in 2 hours or less.

B. When an IPv4 address is associated to three or more different MAC addresses in 2 hours or less.

C. When a MAC address is associated to three or more different IP addresses in 10 minutes or less.

D. When an IPv4 address is associated to three or more different MAC addresses in 10 minutes or less.


Answer: A


Reference: http://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.5/EN/b_qlm_users_guide.pdf


QUESTION: 14

When it comes to licensing, what is the difference between Events and Flows and how they are licensed?


A. Flows are licensed based on overall count over a minute, where Events are licensed based on overall count per second.

B. Flows are licensed based on overall count per second, where Events are licensed based on overall count over a minute.

C. Flows and Events are both licensed by overall count per minute under an Upgraded License and per second on a Basic License.

D. Flows and Events are both licensed by overall count per second under an Upgraded License and per second on a Basic License.


Answer: A


Explanation:

A significant difference between event and flow data is that an event, which typically is a log of a specific action such as a user login or a VPN connection, occurs at a specific time and the event is logged at that time. A flow is a record of network activity that can last for seconds, minutes, hours, or days, depending on the activity within the session. For example, a web request might download multiple files such as images, ads and video, and last for 5 to 10 seconds, or a user who watches a Netflix movie might be in a network session that lasts up to a few hours. The flow is a record of network activity between two hosts.


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html


QUESTION: 15

An Administrator using IBM Security QRadar SIEM V7.2.8 is using the following RegEx: ([-+]?\d*$) What type of information is it designed to extract?


A. Integer

B. IP address

C. Port number

D. Domain name


Answer: A


Explanation:

Sample regular expressions:

• email: (.+@[^\.].*\.[a-z]{2,}$)

• URL: (http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\S*)?$)

• Domain Name: (http[s]?://(.+?)["/?:])

• Floating Point Number: ([-+]?\d*\.?\d*$)

• Integer: ([-+]?\d*$)

• IP Address: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)

For example, to match a log that resembles SEVERITY=43, construct the following regular expression: SEVERITY=([-+]?\d*$)


Reference: http://www.siem.su/docs/ibm/Administration_and_introduction/User_Guide.pdf

QUESTION: 16

The event pipeline for processing event data before viewing and using event data on the IBM Security QRadar SIEM V7.2.8 console consists of many components. What is one component?


A. Indexing Component

B. Flow Data Component

C. Magistrate Component

D. Event Data Component


Answer: C


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html


QUESTION: 17

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named User1 from a reference set with the name “Allowed Users” from the command line interface. Which command will accomplish this?


A. ./UtilReferenceSet.sh purge “Allowed Users” User1

B. ./ReferenceSetUtil.sh purge “Allowed Users” User1

C. ./ReferenceSetUtil.sh delete “Allowed\ Users” User1

D. ./UtilReferenceSet.sh delete “Allowed\ Users” User1


Answer: B


Explanation:

ReferenceSetUtil.sh purge is the correct syntax of the command. It deletes the specific value when you name it together with the reference set.


Reference: https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014967953


QUESTION: 18

An Administrator has configured a customized log source extension to provide asset updates to IBM Security QRadar SIEM V7.2.8. Instead of QRadar receiving an update that has the host name of the asset that the user logged in to, the log source generates many asset updates that all have the same host name. In this situation what will QRadar report?


A. This will cause stale asset data.

B. This will cause asset growth deviations.

C. This will cause excessive authentication failure events.

D. This will cause excessive flow data to be processed by the Magistrate.


Answer: B


Explanation:

Instead of QRadar receiving an update that has the host name of the asset that the user logged in to, the log source generates many asset updates that all have the same host name. In this situation, the asset growth deviation is caused by one asset profile that contains many IP addresses and user names.


Reference: https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_ug_usecase_customized_lsx.html


      QUESTION: 19

What data is purged by the SIM reset process “Hard Clean” in IBM Security QRadar SIEM V7.2.8?


A. All current and historical SIM data.

B. All historical SIM data, current SIM data is retained.

C. All SIEM data, a complete reconfiguration is required.

D. All source and destination IP addresses are purged, all offenses in the database are closed.


      Answer: A


      Explanation:

Hard Clean purges all current and historical SIM data, which includes offenses, source IP addresses, and destination IP addresses.


Reference: http://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf


      QUESTION: 20

      An Administrator working with IBM Security QRadar SIEM V7.2.8 was tasked with adding a new Microsoft Azure log source. What protocol is supported for this?


A. FTP

B. JDBC

C. Syslog

D. WinCollect


      Answer: C


      Reference:

https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.dsm.doc/c_dsm_guide_microsoft_azure_overview.html


      QUESTION: 21

      The Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to determine which rules are most active in generating offenses. How would the Administrator accomplish this from the Offenses tab of the QRadar console?


A. Rules -> Group -> “Most Active Offenses”.

B. Rules -> Rules -> Offense Count to reorder the column in descending order.

C. All Offenses -> All Offenses -> Offense Count to reorder the column in descending order.

D. All Offenses -> All Offenses -> Events to reorder the column in descending order. Use the Actions menu to view the rule information for a specific offense.


Answer: B


Explanation:

1. Click the Offenses tab.

2. On the navigation menu, click Rules. To determine which rules are most active in generating offenses, from the Rules page, click Offense Count to reorder the column in descending order.

3. Double-click any rule to display the Rule Wizard. You can configure a response to each rule.


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_tuning_guide.pdf


QUESTION: 22

A retention policy allows an IBM Security QRadar SIEM V7.2.8 Administrator to define how long the system is required to keep certain types of data and what to do when data reaches a certain age. If a 3-month retention policy is defined for all events, then the system will not delete event data until its on-disk timestamp is 3 months in the past. Which two choices are available in the ‘delete data in this bucket’ list? (Choose two.)


A. When the index is full

B. Upon reboot of the system

C. When storage space is required

D. When performance is heavily affected

E. Immediately after retention period has expired


Answer: C, E


Explanation:

From the list box, select a deletion policy. Options include:

• When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted.

• Immediately after the retention period has expired - Select this option if you want events to be deleted immediately on matching the Keep data placed in this bucket for parameter. The events or flows are deleted at the next scheduled disk maintenance process, regardless of free disk space or compression requirements.


Reference: https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9


QUESTION: 23

When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?


A. Event Manager

B. Event Indexing

C. Event Collector

D. Event Processor


      Answer: D


      Explanation:

The QRadar SIEM Event Processor Virtual 1699 appliance supports the following items: up to 10,000 events per second; 2 TB or larger dedicated event storage.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.qradar.doc_7.2.4/c_siem_vrt_ap_ov.html


      QUESTION: 24

      An Administrator working with IBM Security QRadar SIEM V7.2.8 has updated the date/time on the QRadar console system and wants to update these date/time settings to all his hosts in the distributed environment. What command should be run?


A. /opt/qradar/bin/datesync_all_servers.sh

B. /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh

C. /opt/qradar/support/fullDeployment.sh /opt/qradar/bin/time_sync.sh

D. /opt/qradar/support/all_servers.sh /opt/qradar/bin/check_date_change.sh


      Answer: B


      Explanation:

      To run time synchronization on all hosts and see if any fail to synchronize with the Console, from the root directory (/) type the following command:

      ./opt/qradar/support/all_servers.sh "/opt/qradar/bin/time_sync.sh"


      Reference:

      http://www-01.ibm.com/support/docview.wss?uid=swg21700463


QUESTION: 25

An Administrator working with IBM Security QRadar SIEM V7.2.8 is constantly receiving the following message: “SAR Sentinel: Threshold crossed.”

Where will the Administrator tune the settings for these messages?


A. Admin tab -> General Settings -> Global System Notifications

B. Admin tab -> System Configuration -> Global System Notifications

C. Admin tab -> System Notifications -> System Activity Reporter Notifications

D. Admin tab -> System Configuration -> General Settings -> System Notifications


      Answer: B


      Explanation:

The SAR Sentinel utility monitors QRadar for a broad number of functions, such as running processes, CPU usage, and hardware functions. The function of the SAR Sentinel is to monitor the system and provide notifications when the system load exceeds a set threshold.


Reference:

https://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/QRadar_721_Troubleshooting_System_Notifications.pdf


      QUESTION: 26

      Where are the IBM Security QRadar SIEM V7.2.8 log files located?


A. /var/qradar.log

B. /var/log/qradar.log

C. /opt/qradar/log/qradar.log

D. /opt/qradar/support/qradar.log


      Answer: B


      Explanation:

You can review the log files for the current session individually or you can collect them to review later. Follow these steps to review the QRadar log files.

To help you troubleshoot errors or exceptions, review the following log files:

/var/log/qradar.log

/var/log/qradar.error

If you require more information, review the following log files:

/var/log/qradar-sql.log

/opt/tomcat6/logs/catalina.out

/var/log/qflow.debug

Review all logs by selecting Admin > System & License Mgmt > Actions > Collect Log Files.


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.6/com.ibm.qradar.doc/c_qradar_siem_inst_logs.html


      QUESTION: 27

An Administrator working within IBM Security QRadar SIEM V7.2.8 has created a network hierarchy that includes the following groups and subgroups:

Office #1 Group

- Miscellaneous 10.10.0.0/24

- Sales 10.10.8.0/24

- Marketing 10.10.1.0/24

Office #2 Group

- Miscellaneous 10.20.0.0/16

- Sales 10.20.8.0/24

- Marketing 10.20.1.0/24

A new subgroup is added to Office #1 having a CIDR .10.50.0/24. Offenses are being triggered and, during the investigation, it is noticed that the rule should not fire if traffic is L2L. The offense is being triggered on traffic from 10.10.4.17 to 10.20.1.8.

Is this rule using the network hierarchy correctly?


A. This rule is parsing the network hierarchy correctly, as the 10.10.4.17 address is not contained in a group, and therefore is remote.

B. This rule is parsing the network hierarchy correctly, as the offices are both remotely geo-located, and connecting over the Internet, it is remote traffic.

C. This rule isn’t parsing the network hierarchy correctly, as the network hierarchy contains the CIDR for 10.10.4.17 and 10.20.1.0/24, therefore being L2L traffic.

D. This rule isn’t parsing the network hierarchy correctly, as the network hierarchy contains both subnets, but is viewing traffic between groups to be remote instead of local.


Answer: A

QUESTION: 28

An Administrator needs to see Events per Second (EPS) and Flows per Minute (FPM) coming to IBM Security QRadar SIEM V7.2.8 through a dashboard. How could this be accomplished?


A. Download the dashboard from IBM Security App Exchange.

B. Go to CLI and run the script /opt/qradar/bin/createdashboard.sh

C. Select any dashboard and customize it. Add a system summary item.

D. Create a new dashboard and then go to admin tab. Add item into the dashboard created.


Answer: D


Explanation:

To determine the average EPS rate, users can click the Dashboard tab, then select the System Monitoring dashboard. This dashboard contains an events per second and flows per minute dashboard item. To see EPS details, click the View in Log Activity link. This will give an estimate of the data size for events per day.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg21685322


QUESTION: 29

How many dashboards come by default in IBM Security QRadar SIEM V7.2.8?


A. 1

B. 5

C. 7

D. 10


Answer: B


Explanation:

There are five default dashboards:

1 - Application Overview

2 - Compliance Overview

3 - Network Overview

4 - System Monitoring

5 - Threat and Security Monitoring


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_users_guide.pdf


QUESTION: 30

Which is an officially supported operating system for IBM Security QRadar SIEM V7.2.8 installations on customer supplied hardware?


A. Ubuntu Linux

B. Windows 2012

C. Fedora Linux

D. Red Hat Enterprise Linux


Answer: D


Explanation:

The IBM Security QRadar Application Framework SDK can be installed on Windows, Linux, or OSX operating systems.


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_appframework_devguide.pdf


QUESTION: 31

An IBM Security QRadar SIEM V7.2.8 Administrator needs to retain authentication failure data for a specific domain for a longer period than the rest of the event data being collected. How is this task completed?


A. The administrator will need to create a custom rule with the appropriate filters and retention period.

B. The administrator will need to create a new Event Retention Bucket with the appropriate filters and retention period.

C. The administrator will need to create a custom filter in the log activity tab with the appropriate parameters and retention period.

D. The administrator will need to create a custom report with the appropriate parameters and use the report format TAR (Tape archive).


Answer: B

Explanation:

In current versions of QRadar you can set custom retention buckets for Events and Flows. The 10 non-default retention buckets are processed sequentially from top to bottom. Any events that do not match the retention buckets are automatically placed in the default retention bucket, located at the bottom of the list. Custom retention buckets allow the ability to add a time period and filters. If you enable a retention bucket with a defined criteria, it will start deleting data from the time it was created. Any data that matched the custom retention bucket before it was created is subject to the criteria of the default retention bucket setting. If you need to delete data from before the custom retention bucket was created, you can shorten the default retention bucket so that data is deleted immediately.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg21622758


QUESTION: 32

An Administrator working with IBM Security QRadar SIEM V7.2.8 only needs to remove a single host (10.1.95.142) from the reference set with the name “Asset Reconciliation IPv4 Whitelist” from the command line interface. Which command would accomplish this task?


A. ./ReferenceSetUtil.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142

B. ./ReferenceSetUtil.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142

C. ./ReferenceSetData.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142

D. ./ReferenceSetData.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142


Answer: B


Explanation:

The syntax for the command is:

ReferenceSetUtil.sh add "Asset Reconciliation IPv4 Whitelist" IP


Reference:

http://www.juniper.net/techpubs/en_US/jsa2014.8/information-products/topic-collections/jsaadministration-guide.pdf


QUESTION: 33

Where are system notifications located in IBM Security QRadar SIEM V7.2.8?

A. Only in the Admin Tab -> System Messages.

B. Only on the banner above the QRadar navigation tabs.

C. On the banner above the QRadar navigation tabs or on the System Monitoring dashboard.

D. On the banner above the QRadar navigation tabs or in the Admin Tab -> System Messages.


Answer: A


Explanation:

After collecting system log files, the system notification message that appears in the Messages box on the QRadar Console is available in English only.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg21882761


QUESTION: 34

Where are the logs for QFlow stored on IBM Security QRadar SIEM V7.2.8?


A. /var/log/qflow.debug

B. /opt/var/log/qflow.debug

C. /opt/log/qradar/qflow.debug

D. /opt/qradar/log/qflow.debug


Answer: A


Explanation:

You can review the log files for the current session individually or you can collect them to review later. Follow these steps to review the QRadar log files.

To help you troubleshoot errors or exceptions, review the following log files:

/var/log/qradar.log

/var/log/qradar.error

If you require more information, review the following log files:

/var/log/qradar-sql.log

/opt/tomcat6/logs/catalina.out

/var/log/qflow.debug

Review all logs by selecting Admin > System & License Mgmt > Actions > Collect Log Files.


Reference:

https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.6/com.ibm.qradar.doc/c_qradar_siem_inst_logs.html


QUESTION: 35

An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on the console. Which command can the Administrator run to begin diagnosing this issue?


A. /etc/init.d/tomcat status

B. /etc/init.d/ariel_query_server status

C. /opt/qradar/init/apply_tunning status

D. /opt/qradar/init/ariel_query_server status


Answer: D


Explanation:

If the Ariel Query Server is not running, a full configuration deployment may resolve this issue by restarting all services on the managed host after deploying the most recent configuration on it. If the Ariel Query Server is still not running after a full deployment, contact support for further assistance.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg21991038


QUESTION: 36

What is the Events Per Second (EPS) basic license limit in an IBM Security QRadar V7.2.8 2100 hardware appliance?


A. 200

B. 1000

C. 2500

D. 10000


Answer: C


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_QRadar_hardware_guide.pdf


QUESTION: 37

When replacing a Console appliance in an IBM Security QRadar SIEM V7.2.8 deployment using a new IP address or host name, what must be the same on the two Console appliances?


A. The amount of storage must be the same.

B. The Basic and Upgrade license must be the same.

C. The software versions of both appliances must match.

D. The Network Configuration and Protocol must be the same.


Answer: C


Explanation:

The software version of the new Console appliance must match the software version of the old Console appliance. QRadar does not allow appliances at different software versions in the deployment. Administrators might be required to reinstall an ISO for the appliance to downgrade, or use a Fix Pack (SFS) to upgrade, on the new appliance. The paperwork that came with your appliance lists the installed software version.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg21984320


QUESTION: 38

Which permission can be assigned to a user from User Roles in the IBM Security QRadar SIEM V7.2.8 Console?


A. Admin

B. DSM Updates

C. Flow Activity

D. Configuration Management


Answer: A


Explanation:

Grants administrative access to the user interface. You can grant specific Admin permissions. Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.


Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf


QUESTION: 39

An Administrator needs to create a new user role in the IBM Security QRadar SIEM V7.2.8 system. What steps need to be followed?


A. System Configuration tab -> Users and Roles -> Add New Role -> Add

B. Admin tab -> System Configuration -> User Management -> User Roles -> New

C. Admin tab -> System and Settings -> Users and Roles -> Role Management -> New

D. System Management tab -> System Configuration -> User Management -> User Roles -> New


Answer: B


Explanation:

By default, your system provides a default administrative user role, which provides access to all areas of QRadar SIEM. Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.


Reference:

https://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/b_qradar_admin_guide.pdf


QUESTION: 40

The event data collected by IBM Security QRadar SIEM V7.2.8 is being deleted after one month. The legal department required the data be kept for two months. What can the administrator do to accommodate this requirement?


A. Change the nightly backup Priority to “High”.

B. Change the nightly backup to a monthly backup.

C. Change the Default Event Retention Policy property field “Do not delete data in this bucket” to two months.

D. Change the Default Event Retention Policy property field “Keep data placed in this bucket for” to two months.


Answer: C


Explanation:

When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads.

When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted.


Reference: https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9


QUESTION: 41

An Administrator working with IBM Security QRadar SIEM V7.2.8 appliances needs to update firmware. How are the files acquired?


A. Firmware updates can be retrieved from IBM developerWorks.

B. Refer to support documents to download the firmware approved for QRadar appliances.

C. All firmware is automatically downloaded and no Administrator intervention is required.

D. All firmware updates are applied as part of the QRadar software patching process, and should not be applied independently.


Answer: B


Explanation:

Administrators looking for the latest firmware downloads can review this page to locate firmware updates for QRadar appliances. The installation instructions include a direct download link to the firmware from IBM Fix Central.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg27047121


QUESTION: 42

What is needed to send the same events and flows to separate data centers or geographically separate sites and enable data redundancy in IBM Security QRadar SIEM V7.2.8?


A. A Flashcopy or GlobalMirror License.

B. A dark fibre network and proper configuration of the backup and recovery feature.

C. A load balancer or other method to deliver the same data to mirrored appliances.

D. Use the Backup and Recovery automation feature in QRadar and a dedicated fiber channel connection.


Answer: C


Explanation:

Distribute the same event and flow data to two live sites by using a load balancer or other method to deliver the same data to mirrored appliances. Each site has a record of the log data that is sent.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_qradar_ha_data_redundancy_overview.html


QUESTION: 43

An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to exclude the mail servers from a custom rule. How would the Administrator complete this task?


A. Create a building block that includes the IP addresses of all mail servers, and use that building block in the custom rule to exclude those hosts.

B. Create several rules excluding each mail server. Place these rules with the custom rule in a master rule, making sure the custom rule is last in the sequence.

C. Create a custom rule. In the “Rule Response” section of the Rule Wizard, select the Trigger Scan option. Add the mail server IP Addresses to the table and select exclude.

D. Create the custom rule. Create a Custom Action from the Admin Tab to exclude the mail server IP Addresses. In the “Rule Response” section of the Rule Wizard, select the Execute Custom Action option, selecting the appropriate Custom Action.


Answer: A


Explanation:

Building blocks use the same tests as rules, but have no actions associated with them. Building blocks group together commonly used tests, to build complex logic, so they can be used in rules. Building blocks are often configured to test groups of IP addresses, privileged usernames, or collections of event names. For example, you might create a building block that includes the IP addresses of all mail servers in your network, then use that building block in another rule to exclude those hosts. The building block defaults are provided as guidelines, which should be reviewed and edited based on the needs of your network.


Reference:

https://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_TuningGuide.pdf


QUESTION: 44

An Administrator is adding a log source in IBM Security QRadar SIEM V7.2.8.

What required software application that supports the log source should be used for this procedure?


A. QRadar QFlow Collector

B. QRadar Event Collector

C. Device Support Module (DSM)

D. IBM X-Force Exchange plug-in for QRadar


Answer: C


Explanation:

Download and install a device support module (DSM) that supports the log source. A DSM is a software application that contains the event patterns that are required to identify and parse events from the original format of the event log to the format that QRadar can use.


Reference: http://documentation.extremenetworks.com/PDFs/SIEM-IPS/IBM_QRadar_Log_Sources_User_Guide_7.7.2.6.pdf


QUESTION: 45

An IBM Security QRadar SIEM V7.2.8 Administrator wants to create a security profile within the system but receives an error upon saving.

What is a possible reason for this error?


A. The Administrator has used non-alphanumeric value(s) in the name, which is not allowed.

B. The Administrator has used fewer than 3 characters or more than 30 characters as the name of the security profile.

C. The Administrator has mixed non-alphanumeric value(s) and alphanumeric value(s) in the name, which is not allowed.

D. The Administrator must first put the IBM Security QRadar SIEM V7.2.8 system in edit mode before changes are allowed.


Answer: B


Explanation:

In the Security Profile Name field, type a unique name for the security profile. The security profile name must meet the following requirements: minimum characters and maximum characters.


Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/b_qradar_admin_guide.pdf


QUESTION: 46

What is the maximum number of dashboards a user can create with IBM Security QRadar SIEM V7.2.8?


A. 10

B. 25

C. 100

D. 255


Answer: D


Explanation:

Create custom dashboards that are relevant to your responsibilities. 255 dashboards per user is the maximum; however, performance issues might occur if you create more than 10 dashboards.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.3/com.ibm.qradar.doc_7.2.3/c_qradar_custom_dboard.html


QUESTION: 47

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to assign a report to a group named Network Management. What is the process for this task to be completed?


A. Reports Tab -> Select report -> Actions -> Assign Groups -> Item Groups -> select Network Management -> Assign Groups

B. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Groups -> select Network Management -> Assign

C. Reports Tab -> Select report -> Actions -> Assign Users -> User Groups -> select Network Management -> Assign Users

D. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Users -> select Network Management -> Assign


Answer: A


Explanation:

You can use the Assign Groups option to assign a report to another group.

1. Click the Reports tab.

2. Select the report that you want to assign to a group.

3. From the Actions list box, select Assign Groups.

4. From the Item Groups list, select the check box of the group you want to assign to this report.

5. Click Assign Groups.


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_users_guide.pdf


      QUESTION: 48

What procedure does a user of IBM Security QRadar SIEM V7.2.8 need to follow to delete a dashboard?


A. Click the “Dashboard” tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click “Delete Dashboard”. Click “Yes”.

B. Click the “Dashboard” tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click “Remove Dashboard”. Click “Yes”.

C. Click the “Dashboard” tab. On the toolbar, click “Delete a Dashboard”. From the Delete Dashboard window, select the dashboard that you want to delete. Click “Yes”.

D. Click the “Dashboard” tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click “Delete Dashboard for a user”. On the User selection menu, select the user you want to delete from the dashboard and click “Okay”.


Answer: A


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.6/en/b_qradar_users_guide.pdf (page 41)


QUESTION: 49

An Administrator working with a customer looking to add IBM Security QRadar SIEM V7.2.8 into their network has some requirements. The customer is looking to have 40 TB of raw storage space for events and console data. What appliances allow for this requirement to be met?


A. QRadar 3128 Console + QRadar 1410 Data Node

B. QRadar 3128 Console + QRadar 1400 Data Node

C. QRadar 3118 Console + QRadar 1410 Data Node

D. QRadar 3128 Console + QRadar Flow Processor 1728


Answer: B


Explanation:

The IBM Security QRadar 1400 Data Node (MTM 4380-Q1E) appliance provides a scalable data storage solution for QRadar deployments. The QRadar 1400 Data Node enhances the data retention capabilities of a deployment and augments overall query performance.


Reference: http://documentation.extremenetworks.com/PDFs/SIEM-IPS/IBM_QRadar_Hardware_Guide_7.7.2.6.pdf

QUESTION: 50

Offense data has become corrupted. What option should an IBM Security QRadar SIEM V7.2.8 Administrator consider to recover the offenses?


A. Use Clean SIM option.

B. Log out and Log back in.

C. Use Revert Offenses option.

D. Restore the most recent backup archive.


Answer: D


Explanation:

You can back up and recover QRadar® configuration information and data.

You can use the backup and recovery feature to back up your event and flow data; however, you must restore event and flow data manually.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_qradar_adm_man_back_recovery.html


QUESTION: 51

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration backup files from the previous day to an off-site location.

What is the default location where these files can be found?


A. /store/backup

B. /store/exports

C. /store/postgres

D. /store/backupHost


Answer: A


Explanation:

The default location is /store/backup. This path must exist before the backup process is initiated. If this path does not exist, the backup process aborts. If you modify this path, make sure the new path is valid on every system in your deployment.


Reference:

https://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf


QUESTION: 52

An Administrator working within IBM Security QRadar SIEM V7.2.8 has a network hierarchy that cannot support any more network objects. To remedy this, they want to implement a supernet. Some of the customer CIDRs are:

- 209.60.128.0/24

- 209.60.129.0/24

- 209.60.130.0/24

- 209.60.131.0/24

Which supernet should be used to shrink the number of network objects for the supplied group of CIDRs?


A. 209.60.128.0/22

B. 209.60.129.0/23

C. 209.60.128.0/23

D. 209.60.127.0/27


Answer: C


Explanation:

Supernetting, also called Classless Inter-Domain Routing (CIDR), is a way to aggregate multiple Internet addresses of the same class. Using supernetting, the network address 209.60.128.0/24 and the adjacent address 209.60.129.0/24 can be merged into 209.60.128.0/23. The "23" at the end of the address says that the first 23 bits are the network part of the address, leaving the remaining nine bits for specific host addresses.


QUESTION: 53

An Administrator using IBM Security QRadar SIEM V7.2.8 is using the RegEx syntax below: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)

What type of information is it designed to extract?


A. An IP Address

B. GPS Coordinates

C. A Telephone Number

D. A simple integer no longer than 4 digits

Answer: A


Explanation:

Sample regular expressions:

• email: (.+@[^\.].*\.[a-z]{2,}$)

• URL: (http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\S*)?$)

• Domain Name: (http[s]?://(.+?)["/?:])

• Floating Point Number: ([-+]?\d*\.?\d*$)

• Integer: ([-+]?\d*$)

• IP Address: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)

For example, to match a log that resembles: SEVERITY=43, construct the following regular expression: SEVERITY=([-+]?\d*$)


Reference:

http://www.siem.su/docs/ibm/Administration_and_introduction/User_Guide.pdf


QUESTION: 54

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to enable the PCI report template. What is the procedure to accomplish this task?


A. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> Select “Enable”

B. Report Tab -> Enable “Show all templates” -> Group List -> Compliance -> PCI

C. Reports Tab -> Clear “Hide Inactive Reports” box -> Group List -> Compliance -> PCI

D. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> uncheck “Hide Template”


Answer: C


Explanation:

1. Click the Reports tab.

2. Clear the Hide Inactive Reports check box.

3. In the Group list, select Compliance > PCI.

4. Select all report templates on the list:

   a. Click the first report on the list.

   b. Select all report templates by holding down the Shift key while you click the last report on the list.

5. In the Actions list, select Toggle Scheduling.

6. Access generated reports:

   a. From the list in the Generated Reports column, select the time stamp of the report that you want to view.

   b. In the Format column, click the icon for the report format that you want to view.


Reference:

ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_gs_guide.pdf


QUESTION: 55

An Administrator working with an IBM Security QRadar SIEM V7.2.8 deployment needs to build an Ariel Query to find all flow data sent in the last 24 hours where the amount of bytes being sent and received is larger than 64 bytes.

What Query needs to be used?


A. SELECT * FROM flows WHERE sourceBytes > 64 & destinationBytes > 64 LAST 1 DAY

B. SELECT * FROM flows WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAYS

C. SELECT * FROM flowsdata WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAY

D. SELECT * FROM flowsdata WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAYS


Answer: B

Reference:

https://www.ibm.com/developerworks/community/forums/atom/download/AQLQueryCLIGuide_71.pdf?nodeId=95b7d2b5-f480-4c14-af22-6a350fb910d2


QUESTION: 56

An Administrator using IBM Security QRadar SIEM V7.2.8 needs to force an instant backup to run. Which option should be selected?


A. Backup Now

B. On Demand Backup

C. Launch On Demand Backup

D. Configure On Demand Backup


Answer: A


QUESTION: 57

Administrators on versions of IBM Security QRadar SIEM older than V7.2.4 must use a specific upgrade path to transition to newer software versions. These requirements are outlined in what technical document?


A. Fix Level Recommendation Tool

B. IBM latest firmware release notes

C. QRadar Software upgrade progress technical note

D. IBM System Security Interoperation Center (SSIC)


Answer: C


Explanation:

Most upgrade paths for IBM products are published in technical notes. IBM Security QRadar SIEM upgrade process and information can be obtained through the technical notes that IBM publishes on the web.


Reference:

http://www-01.ibm.com/support/docview.wss?uid=swg27038118


QUESTION: 58

What are three protocols that collect flow data from network devices, such as routers, and send this data to IBM Security QRadar SIEM V7.2.8?


A. NetFlow, J-Flow and sFlow

B. NetFlow, IPFIX and syslog

C. NetFlow, rsyslog and sFlow

D. NetFlow, Packeteer and syslog


Answer: A


Explanation:

NetFlow, J-Flow, and sFlow are protocols that collect flow data from network devices, such as routers, and send this data to QRadar.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_tuning_guide_deploy_cfgflowsource.html


QUESTION: 59

Which appliance of the IBM Security QRadar SIEM V7.2.8 family is specifically used to gather events from local and remote log sources?


A. QRadar Event Console

B. QRadar QFlow Collector

C. QRadar Event Collector

D. QRadar Event Processor


Answer: C


Explanation:

The Event Collector gathers events from local and remote log sources and normalizes raw log source events. During this process, the Magistrate component examines the event from the log source and maps the event to a QRadar Identifier (QID). Then, the Event Collector bundles identical events to conserve system usage and sends the information to the Event Processor.


Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/shc_qradar_comps.html


QUESTION: 60

What are the four categories of notifications found in IBM Security QRadar SIEM V7.2.8 system notifications?


A. Errors, Critical, Minor and Information

B. Errors, Warning, Information, and Health

C. Warning, Information, System and Critical

D. Errors, Warning, Information, and Performance


Answer: B


Reference: http://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_system_notifications.pdf
