What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?
A. Rules B. Category C. Source IP D. Destination IP
A. Rules
Question 3:
What is the primary goal of data categorization and normalization in QRadar?
A. It allows data from different kinds of devices to be compared. B. It preserves original data allowing for forensic investigations. C. It allows for users to export data and import it into other system. D. It allows for full-text indexing of data to improve search performance.
A. It allows data from different kinds of devices to be compared.
Question 4:
What are two default Report Groups? (Choose two.)
A. Analyst B. Executive C. Administration D. Log Management E. Network Management
When QRadar processes an event it extracts normalized properties and custom properties.
Which list includes only Normalized properties?
A. Start time, Source IP, Username, Unix Filename B. Start time, Username, Unix Filename, RACF Profile C. Start time, Low Level Category, Source IP, Username D. Low Level Category, Source IP, Username, RACF Profile
C. Start time, Low Level Category, Source IP, Username
Question 6:
What is a common purpose for looking at flow data?
A. To see which users logged into a remote system B. To see which users were accessing report data in QRadar C. To see application versions installed on a network endpoint D. To see how much information was sent from a desktop to a remote website
D. To see how much information was sent from a desktop to a remote website
Question 7:
What does the Network Hierarchy provide relating to the "whole picture" that is helpful during an investigation?
A. It allows hosts that are marked to be known to have vulnerabilities to be seen quickly. B. It allows for the isolation of traffic between the hosts in question for more in depth analysis. C. It allows for the removal of infected hosts from the network before being added back into the network. D. It allows for the identification of known hosts on the network versus those that aren't members of the network.
D. It allows for the identification of known hosts on the network versus those that aren't members of the network.
Question 8:
In a distributed QRadar deployment with multiple Event Collectors, from where can syslog and JDBC log sources collected?
A. Syslog log sources and JDBC log sources may be collected by any Event Collector. B. One Event Collector must collect ALL syslog events and another Event Collector must collect ALL JDBC events. C. Syslog log sources and JDBC log sources are always collected by the collector assigned in the log source definition. D. Syslog log sources may be collected by any Event Collector, but JDBC log sources will always be collected by the collector assigned in the log source definition.
A. Syslog log sources and JDBC log sources may be collected by any Event Collector.
Where can event data be exported from for external analysis?
A. From the Offenses Tab, select the offense and right click, select export event data B. From the list of events page, select actions and click export to XML or export to CSV C. From the offense summary page, select actions and click on export to XML or export to CSV. D. From the Offenses Tab, select the offense, click on actions, select export to XML or export to CSV
B. From the list of events page, select actions and click export to XML or export to CSV
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only IBM exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your C2150-612 exam preparations
and IBM certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.