What is the default reason for closing an Offense within QRadar?
A. Actioned
B. Non-Issue
C. Blocked Traffic
D. Acceptable Traffic
How does flow data contribute to the Asset Database?
A. Correlated Flows are used to populate the Asset Database.
B. It provides administrators visibility on how systems are communicating on the network.
C. Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.
D. It delivers vulnerability and ports information collected from scanners responsible for evaluating network assets.
Where are events related to a specific offense found?
A. Offenses Tab and Event List window
B. Dashboard and List of Events window
C. Offense Summary Page and List of Events window
D. Under Log Activity, search for Events associated with an Offense
While on the Offense Summary page, a specific Category of Events associated with the Offense can be investigated.
Where should a Security Analyst click to view them?
A. Click on Events, then filter on Flows
B. Highlight the Category and click the Events icon
C. Scroll down to Categories and view Top 10 Source IPs
D. Right Click on Categories and choose Filter on Network Activity
Which file type is available for a report format?
A. TXT
B. DOC
C. PDF
D. PowerPoint
What is the default view when a user first logs in to QRadar?
A. Report Tab
B. Offense Tab
C. Dashboard tab
D. Messages menu
What is a Device Support Module (DSM) function within QRadar?
A. Unites data received from logs
B. Provides Vendor specific configuration information
C. Scans log information based on a set of rules to output offenses
D. Parses event information for SIEM products received from external sources
Which pair of options are available in the left column on the Reports Tab?
A. Reports and Owner
B. Reports and Branding
C. Reports and Report Grouping
D. Reports and Scheduled Reports
Which QRadar rule could detect a possible potential data loss?
A. Apply "Potential data loss" on events or flows which are detected by the local system and when any IP is part of any of the following XForce premium Premium_Malware
B. Apply "Potential data loss" on flows which are detected by the local system and when at least 1000 flows are seen with the same Destination IP and different Source IP in 2 minutes
C. Apply "Potential data loss" on events which are detected by the local system and when the event category for the event is one of the following Authentication and when any of Username are contained in any of Terminated_User
D. Apply "Potential data loss" on flows which are detected by the local system and when the source bytes is greater than 200000 and when at least 5 flows are seen with the same Source IP, Destination IP, Destination Port in 12 minutes
When reviewing Network Activity, a flow shows a communication between a local server on port 443, and a random, remote port. The bytes from the local destination host are 2 GB, and the bytes from the remote, source host address are 40 KB.
What is the flow bias of this session?
A. Other
B. Mostly in
C. Near-same
D. Mostly out