IBM C2150-624 Online Practice Questions and Exam Preparation

IBM C2150-624 Online Questions & Answers

• Question 71:

  An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment has configured an asset data source with domain information. This has created several new asset profiles. What would explain these new asset profiles?

  A. The asset data source parameter "Collateral Damage Potential" was left at the default "Not Defined"
  B. The data in the asset model is domain-aware, this information is applied to all QRadar components, including server discovery.
  C. The data in the asset model is used to compare flow data and identify other assets. These assets are added to a "Whitelist" database for asset reconciliation.
  D. The asset data source is attempting to process an asset merge. The information from one asset is combined with the information for another asset under the premise that they are actually the same physical asset.
  A. The asset data source parameter "Collateral Damage Potential" was left at the default "Not Defined"

• Question 72:

  An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to assign a report to a group named Network Management. What is the process for this task to be completed?

  A. Reports Tab -> Select report -> Actions -> Assign Groups -> Item Groups -> select Network Management -> Assign Groups
  B. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Groups -> select Network Management -> Assign
  C. Reports Tab -> Select report -> Actions -> Assign Users -> User Groups -> select Network Management -> Assign Users
  D. Admin Tab -> Report Permissions -> select report -> Actions -> Assign Users -> select Network Management -> Assign
  A. Reports Tab -> Select report -> Actions -> Assign Groups -> Item Groups -> select Network Management -> Assign Groups

  ---

  You can use the Assign Groups option to assign a report to another group

  1.

  Click the Reports tab.

  2.

  Select the report that you want to assign to a group.

  3.

  From the Actions list box, select Assign Groups.

  4.

  From the Item Groups list, select the check box of the group you want to assign to this report.

  5.

  Click Assign Groups

• Question 73:

  An Administrator working with IBM Security QRadar SIEM V7.2.8 is constantly receiving the following message:

  "MPC: Unable to process offense. The maximum number of offenses has been reached."

  What is the reason for this message?

  A. The Multi Packet Capturer cannot handle more than 2500 attacks at the same time.
  B. The Magistrate Processor Core has more than 2500 active Offenses or 100000 overall Offenses.
  C. The Multi Packet Capturer cannot handle more than 500 offense reports at a certain point in time.
  D. The Magistrate Processor Core has reached its maximum amount of network connections at a certain time.
  B. The Magistrate Processor Core has more than 2500 active Offenses or 100000 overall Offenses.

• Question 74:

  Which permission can be assigned to a user from User Roles in the IBM Security QRadar SIEM V7.2.8 Console?

  A. Admin
  B. DSM Updates
  C. Flow Activity
  D. Configuration Management
  A. Admin

  ---

  Grants administrative access to the user interface. You can grant specific Admin permissions. Users with System Administrator permission can access all areas of the user interface. Users who have this access cannot edit other administrator accounts.

• Question 75:

  An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to exclude the mail servers from a custom rule. How would the Administrator complete this task?

  A. Create a building block that includes the IP addresses of all mail servers, use that building block in the custom rule, to exclude those hosts.
  B. Create several rules excluding each mail server. Place these rules with the custom rule in a master rule, making sure the custom rule is last in the sequence.
  C. Create a custom rule. In the "Rule Response" section of the Rule Wizard, select the Trigger Scan option. Add the mail server IP Addresses to the table and select exclude.
  D. Create the custom rule. Create a Custom Action from the Admin Tab, to exclude the mail servers IP Addresses. In the "Rule Response" section of the Rule Wizard, select the Execute Custom Action option, selecting the appropriate Custom Action.
  A. Create a building block that includes the IP addresses of all mail servers, use that building block in the custom rule, to exclude those hosts.

  ---

  Building blocks use the same tests as rules, but have no actions associated with them. Building blocks group together commonly used tests, to build complex logic, so they can be used in rules. Building blocks are often configured to test

  groups of IP addresses, privileged usernames, or collections of event names. For example, you might create a building block that includes the IP addresses of all mail servers in your network, then use that building block in another rule, to

  exclude those hosts.

  The building block defaults are provided as guidelines, which should be reviewed and edited based on the needs of your network.

• Question 76:

  An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration backup files from the previous day to an off-site location. What is the default location where these files can be found?

  A. /store/backup
  B. /store/exports
  C. /store/postgres
  D. /store/backupHost
  A. /store/backup

  ---

  The default location is /store/backup. This path must exist before the backup process is initiated. If this path does not exist, the backup process aborts. If you modify this path, make sure the new path is valid on every system in your deployment.

• Question 77:

  What is the procedure to upgrade an IBM Security QRadar SIEM V7.2.8 Distributed Deployment?

  A. First the Console needs to be upgraded and then the rest of the managed hosts.
  B. All systems in the environment need to be shutdown before all systems can be upgraded.
  C. First the Collectors need to be upgraded before the rest of the environment can be upgraded.
  D. Download the update to the QRadar update server which will automatically install the update to all hosts in the Distributed Deployment.
  A. First the Console needs to be upgraded and then the rest of the managed hosts.

• Question 78:

  An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to configure the deployment to add a log source from IBM Bluemix. What protocol is supported for this?

  A. JDBC
  B. LEEF
  C. WinCollect
  D. TLS Syslog
  D. TLS Syslog

• Question 79:

  Where are the IBM Security QRadar SIEM V7.2.8 log files located?

  A. /var/qradar.log
  B. /var/log/qradar.log
  C. /opt/qradar/log/qradar.log
  D. /opt/qradar/support/qradar.log
  B. /var/log/qradar.log

  ---

  You can review the log files for the current session individually or you can collect them to review later.

  Follow these steps to review the QRadar log files.

  To help you troubleshoot errors or exceptions, review the following log files.

  /var/log/qradar.log

  /var/log/qradar.error

  If you require more information, review the following log files:

  /var/log/qradar-sql.log

  /opt/tomcat6/logs/catalina.out

  /var/log/qflow.debug

  Review all logs by selecting Admin > System and License Mgmt> Actions > Collect Log Files.

• Question 80:

  An Administrator working with an IBM Security QRadar SIEM V7.2.8 deployment needs to build an Ariel Query to find all flow data send in the last 24 hours where the amount of bytes being sent and received are larger than 64 bytes. What Query needs to be used?

  A. SELECT * FROM flows WHERE sourceBytes> 64 anddestinationBytes> 64 LAST 1 DAY
  B. SELECT * FROM flows WHERE sourceBytes> 64 AND destinationBytes> 64 LAST 1 DAYS
  C. SELECT * FROM flowsdata WHERE sourceBytes> 64 AND destinationBytes> 64 LAST 1 DAY
  D. SELECT * FROM flowsdata WHERE sourceBytes> 64 AND destinationBytes> 64 LAST 1 DAYS
  B. SELECT * FROM flows WHERE sourceBytes> 64 AND destinationBytes> 64 LAST 1 DAYS