An Administrator will add a secondary host to an IBM Security QRadar SIEM V7.2.8 Console in a High Availability (HA) deployment scenario.
After checking the compatibility between primary and secondary HA pairs, what other prerequisite should the Administrator check within Managed Interfaces?
A. The shared external storage. B. The server certificate that is issued by the local CA. C. The existence of an additional distributed file system. D. The communication for Distributed Replicated Block Device.
D. The communication for Distributed Replicated Block Device.
TCP port 7789 must be open and allow communication between the primary and secondary for Distributed Replicated Block Device (DRBD) traffic. DRBD traffic is responsible for disk replication and is bidirectional between the primary and secondary host.
Question 52:
Which is an officially supported operating system for IBM Security QRadar SIEM V7.2.8 installations on customer supplied hardware?
A. Ubuntu Linux B. Windows 2012 C. Fedora Linux D. Red Hat Enterprise Linux
D. Red Hat Enterprise Linux
The IBM Security QRadar Application Framework SDK can be installed on Windows, Linux, or OSX operating systems.
Question 53:
Which two options are available when you create a security profile in IBM Security QRadar SIEM V7.2.8? (Choose two.)
A. Events and Flows B. Databases and Network C. Network and Log Sources D. Log Sources and Databases
C. Network and Log Sources
Question 54:
An Administrator working within IBM Security QRadar SIEM V7.2.8 has a network hierarchy that cannot support any more network objects. To remedy this, they want to implement a supernet. Some of the customer CIDRs are:
- 209.60.128.0/24
- 209.60.129.0/24
- 209.60.130.0/24
- 209.60.131.0/24
Which supernet should be used to shrink the number of network objects for the supplied group of CIDRs?
A. 209.60.128.0/22 B. 209.60.129.0/23 C. 209.60.128.0/23 D. 209.60.127.0/27
C. 209.60.128.0/23
Supernetting, also called Classless Inter-Domain Routing (CIDR), is a way to aggregate multiple Internet addresses of the same class. Using supernetting, the network address 209.60.128.0/24 and an adjacent address 209.60.129.0/24 can be merged into 209.60.128.0/23. The "23" at the end of the address says that the first 23 bits are the network part of the address, leaving the remaining nine bits for specific host addresses.
Question 55:
Offense data has become corrupted. What option should an IBM Security QRadar SIEM V7.2.8 Administrator consider to recover the offenses?
A. Use Clean SIM option. B. Log out and Log back in. C. Use Revert Offenses option. D. Restore the most recent backup archive.
D. Restore the most recent backup archive.
You can back up and recover QRadar configuration information and data.
You can use the backup and recovery feature to back up your event and flow data; however, you must restore event and flow data manually.
Question 56:
An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on the console. Which command can the Administrator run to begin diagnosing this issue?
A. /etc/init.d/tomcat status B. /etc/init.d/ariel_query_server status C. /opt/qradar/init/apply_tunning status D. /opt/qradar/init/ariel_query_server status
D. /opt/qradar/init/ariel_query_server status
If the Ariel Query Server is not running, a full configuration deployment may resolve this issue by restarting all services on the managed host after deploying the most recent configuration on it. If the Ariel Query Server is still not running after a full deployment, contact support for further assistance.
Question 57:
What are the focus areas of the default dashboards available with IBM Security QRadar SIEM V7.2.8?
A. operating system status, network activity, system monitoring, and compliance B. security, network activity, application activity, system monitoring, and compliance C. errors, attack activity, network accesses, operating system status, and offense activity D. errors, attack activity, security, network activity, application activity, system monitoring, and compliance
B. security, network activity, application activity, system monitoring, and compliance
Question 58:
When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?
A. Event Manager B. Event Indexing C. Event Collector D. Event Processor
D. Event Processor
Question 59:
What data is purged by the SIM reset process "Hard Clean" in IBM Security QRadar SIEM V7.2.8?
A. All current and historical SIM data. B. All historical SIM data, current SIM data is retained. C. All SIEM data, a complete reconfiguration is required. D. All source and destination IP addresses are purged, all offenses in the database are closed.
A. All current and historical SIM data.
Hard clean purges all current and historical SIM data, which includes offenses, source IP addresses, and destination IP addresses.
Question 60:
Which appliance of the IBM Security QRadar SIEM V7.2.8 family is specifically used to gather events from local and remote log sources?
A. QRadar Event Console B. QRadar QFlow Collector C. QRadar Event Collector D. QRadar Event Processor
C. QRadar Event Collector
Gathers events from local and remote log sources. Normalizes raw log source events. During this process, the Magistrate component examines the event from the log source and maps the event to a QRadar Identifier (QID). Then, the Event Collector bundles identical events to conserve system usage and sends the information to the Event Processor.