When QRadar processes an event it extracts normalized properties and custom properties.
Which list includes only Normalized properties?
A. Start time, Source IP, Username, Unix Filename
B. Start time, Username, Unix Filename, RACF Profile
C. Start time, Low Level Category, Source IP, Username
D. Low Level Category, Source IP, Username, RACF Profile
What is the maximum number of supported dashboards for a single user?
A. 10
B. 25
C. 255
D. 1023
What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?
A. Rules
B. Category
C. Source IP
D. Destination IP
What set of Key fields can trigger coalescing?
A. Source IP address, Source port, Severity, Username, and Event ID
B. Source IP address, Destination IP address, Destination port, Direction, and Event ID
C. Source IP address, Destination IP address, Destination port, Username, and Event ID
D. Destination IP address, Destination port, Relevance, Username, and Low Level Category
Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)
A. Rules
B. By Category
C. My Offenses
D. By Event Name
E. Create Offense
F. Closed Offenses
What is a capability of the Network Hierarchy in QRadar?
A. Determining and identifying local and remote hosts
B. Capability to move hosts from local to remote network segments
C. Viewing real-time PCAP traffic between host groups to isolate malware
D. Controlling DHCP pools for segment groups (i.e. marketing, DMZ, VoIP)
An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username. What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?
A. Each matching event will be tagged with the Rule name, but only one Offense will be created.
B. Each matching event will cause a new Offense to be created and will be tagged with the Rule name.
C. Events will be tagged with the rule name as long as the Rule Response limiter is satisfied. Only one offense will be created.
D. Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.
What is the difference between TCP and UDP?
A. They use different port number ranges
B. UDP is connectionless, whereas TCP is connection based
C. TCP is connectionless, whereas UDP is connection based
D. TCP runs on the application layer and UDP uses the Transport layer
Which QRadar component is designed to help increase the search speed in a deployment by allowing more data to remain uncompressed?
A. QRadar Data Node
B. QRadar Flow Processor
C. QRadar Event Collector
D. QRadar Event Processor
Which three log sources are supported by QRadar? (Choose three.)
A. Log files via SFTP
B. Barracuda Web Filter
C. TLS multiline Syslog
D. Oracle Database Listener
E. Sourcefire Defense Center
F. Java Database Connectivity (JDBC)
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IBM exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your C2150-612 exam preparation and IBM certification application, do not hesitate to visit Vcedump.com to find your solutions.