Exam Details

  • Exam Code: C2150-612
  • Exam Name: IBM Security QRadar SIEM V7.2.6 Associate Analyst
  • Certification: IBM Certifications
  • Vendor: IBM
  • Total Questions: 105 Q&As
  • Last Updated: May 04, 2025

IBM IBM Certifications C2150-612 Questions & Answers

  • Question 91:

    A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events, no successful exploits were detected. Upon checking international documentation, this activity was part of an expected penetration test which requires no immediate investigation. How can the Security Analyst ensure results of the penetration test are retained?

    A. Hide the offense and add a note with a reference to the penetration test findings

    B. Protect the offense to not allow it to delete automatically after the offense retention period has elapsed

    C. Close the offense and mark the source IP for Follow-Up to check if there are future events from the host

    D. Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense

  • Question 92:

    Which list is only Rule Actions?

    A. Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.

    B. Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.

    C. Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.

    D. Modify Severity; Send to Forwarding Destinations; Drop the Detected Event; Ensure the detected event is part of an offense.

  • Question 93:

    What are the two available formats for exporting event and flow data for external analysis? (Choose two.)

    A. XML

    B. DOC

    C. PDF

    D. CSV

    E. HTML

  • Question 94:

    Which information can be found under the Network Activity tab?

    A. Flows

    B. Events

    C. Reports

    D. Offenses

  • Question 95:

    Which type of tests are recommended to be placed first in a rule to increase efficiency?

    A. Custom property tests

    B. Normalized property tests

    C. Reference set lookup tests

    D. Payload contains regex tests

  • Question 96:

    What is indicated by an event on an existing log in QRadar that has a Low Level Category of "Unknown"?

    A. That event could not be parsed

    B. That event arrived out of order from the original device

    C. That event was from a device that is not supported by QRadar

    D. That the event was parsed, but not mapped to an existing QRadar category

  • Question 97:

    Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?

    A. Add Filter

    B. Asset Search

    C. Quick Search

    D. Advanced Search

  • Question 98:

    When using the right click event filtering functionality on a Source IP, one can filter by "Source IP is not [*]". Which two other filters can be shown using the right click event filtering functionality? (Choose two.)

    A. Filter on DNS entry [*]

    B. Filter on Source IP is [*]

    C. Filter on Time and Date is [*]

    D. Filter on Source or Destination IP is [*]

    E. Filter on Source or Destination IP is not [*]

  • Question 99:

    Which set of information is provided on the asset profile page on the assets tab in addition to ID?

    A. Asset Name, MAC Address, Magnitude, Last user

    B. IP Address, Asset Name, Vulnerabilities, Services

    C. IP Address, Operating System, MAC Address, Services

    D. Vulnerabilities, Operative System, Asset Name, Magnitude

  • Question 100:

    What is the primary goal of data categorization and normalization in QRadar?

    A. It allows data from different kinds of devices to be compared.

    B. It preserves original data allowing for forensic investigations.

    C. It allows for users to export data and import it into another system.

    D. It allows for full-text indexing of data to improve search performance.
