How does a Device Support Module (DSM) function?
A. A DSM is a configuration file that combines received events from multiple log sources and displays them as offenses in QRadar.
B. A DSM is a background service running on the QRadar appliance that reaches out to devices deployed in a network for configuration data.
C. A DSM is a configuration file that parses received events from multiple log sources and converts them to a standard taxonomy format that can be displayed as outputs.
D. A DSM is an installed appliance that parses received events from multiple log sources and converts them to a standard taxonomy format that can be displayed as outputs.
Which flow fields should be used to determine how long a session has been active on a network?
A. Start time and end time
B. Start time and storage time
C. Start time and last packet time
D. Last packet time and storage time
Which log source and protocol combination delivers events to QRadar in real time?
A. Sophos Enterprise console via JDBC
B. McAfee ePolicy Orchestrator via JDBC
C. McAfee ePolicy Orchestrator via SNMP
D. Solaris Basic Security Mode (BSM) via Log File Protocol
A mapping of a username to a user's manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?
A. Quick Search filters can select users based on their manager's name.
B. Reference Table lookup values can be accessed in an advanced search.
C. Reference Table lookup values can be accessed as custom event properties.
D. Reference Table lookup values are automatically used whenever a saved search is run.
What are two characteristics of a SIEM? (Choose two.)
A. Log Management
B. System Deployment
C. Endpoint Software patching
D. Enterprise User management
E. Event Normalization and Correlation
Which QRadar component provides the user interface that delivers real-time flow views?
A. QRadar Viewer
B. QRadar Console
C. QRadar Flow Collector
D. QRadar Flow Processor
Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short-term events when compared against a longer time frame?
A. Outlier Rule
B. Anomaly Rule
C. Threshold Rule
D. Behavioral Rule
Which device uses signatures for traffic analysis when deployed in a network environment to detect, allow, block, or simulated-block traffic?
A. Proxy
B. QRadar
C. Switch
D. IDS/IPS
What is a main function of a Cisco Adaptive Security Appliance (ASA)?
A. A Proxy
B. A Switch
C. A Firewall
D. An Authentication device
What is the largest differentiator between a flow and an event?
A. Events occur at a moment in time while flows have a duration.
B. Events can be forwarded to another destination, but flows cannot.
C. Events allow for the creation of custom properties, but flows cannot.
D. Flows only contribute to local correlated rules, while events are global.
Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IBM exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your C2150-612 exam preparation and IBM certification application, do not hesitate to visit Vcedump.com to find your solutions.