An IBM Security QRadar SIEM V7.2.8 Administrator needs to retain authentication failure data to a specific domain, for a longer period than the rest of the event data being collected. How is this task completed?
A. The administrator will need to create a custom rule with the appropriate filters and retention period.
B. The administrator will need to create a new Event Retention Bucket with the appropriate filters and retention period.
C. The administrator will need to create a custom filter in the log activity tab with the appropriate parameters and retention period.
D. The administrator will need to create a custom report with the appropriate parameters and use the report format TAR (Tape archive).
B. The administrator will need to create a new Event Retention Bucket with the appropriate filters and retention period.
In current versions of QRadar you can set custom retention buckets for Events and Flows. The 10 non-default retention buckets are processed sequentially from top to bottom. Any events that do not match a custom retention bucket are automatically placed in the default retention bucket, located at the bottom of the list. Custom retention buckets let you define both a time period and filters. If you enable a retention bucket with defined criteria, it starts deleting matching data from the time it was created. Any data that matched the custom retention bucket's criteria before it was created is subject to the default retention bucket setting. If you need to delete data from before the custom retention bucket was created, you can shorten the default retention bucket so that data is deleted immediately.
Question 82:
What IBM Security QRadar SIEM V7.2.8 component can be added to Flow and Event Processors to increase processing capacity and memory, for enhancing search performance?
A. Data Node
B. Data Indexer
C. QFlow Collector
D. Advanced Correlation Engine
C. QFlow Collector
Question 83:
Where are system notifications located in IBM Security QRadar SIEM V7.2.8?
A. Only in the Admin Tab -> System Messages.
B. Only on the banner above the QRadar navigation tabs.
C. On the banner above the QRadar navigation tabs or on the System Monitoring dashboard.
D. On the banner above the QRadar navigation tabs or in the Admin Tab -> System Messages.
C. On the banner above the QRadar navigation tabs or on the System Monitoring dashboard.
System notifications are displayed on the QRadar dashboard or in the notification window when unexpected system behavior occurs.
Question 84:
What procedure does a user of IBM Security QRadar SIEM V7.2.8 need to follow to delete a dashboard?
A. Click the "Dashboard" tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click "Delete Dashboard". Click "Yes".
B. Click the "Dashboard" tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click "Remove Dashboard". Click "Yes".
C. Click the "Dashboard" tab. On the toolbar, click "Delete a Dashboard". From the Delete Dashboard window, select the dashboard that you want to delete. Click "Yes".
D. Click the "Dashboard" tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click "Delete Dashboard for a user". On the User selection menu, select the user you want to delete from the dashboard and click "Okay".
A. Click the "Dashboard" tab. From the Show Dashboard list box, select the dashboard that you want to delete. On the toolbar, click "Delete Dashboard". Click "Yes".
Question 85:
When it comes to licensing, what is the difference between Events and Flows and how they are licensed?
A. Flows are licensed based on overall count over a minute, where Events are licensed based on overall count per second.
B. Flows are licensed based on overall count per second, where Events are licensed based on overall count over a minute.
C. Flows and Events are both licensed by overall count per minute under an Upgraded License and per second on a Basic License.
D. Flows and Events are both licensed by overall count per second under an Upgraded License and per second on a Basic License.
A. Flows are licensed based on overall count over a minute, where Events are licensed based on overall count per second.
A significant difference between event and flow data is that an event, which typically is a log of a specific action such as a user login or a VPN connection, occurs at a specific time and is logged at that time. A flow is a record of network activity that can last for seconds, minutes, hours, or days, depending on the activity within the session. For example, a web request might download multiple files such as images, ads, and video and last for 5 to 10 seconds, whereas a user who watches a Netflix movie might be in a network session that lasts up to a few hours. The flow is a record of the network activity between two hosts.
Question 86:
IBM Security QRadar SIEM V7.2.8 collects network activity information. This information represents network activity by normalizing IP addresses, ports, byte and packet counts, as well as other details, which effectively represent a session between two hosts.
This defines what type of information?
A. Flow Record information
B. Event Record Information
C. Data Source Information set up to a database from a server
D. A failed login action of a Virtual Private Network (VPN) session
A. Flow Record information
Question 87:
An IBM Security QRadar SIEM V7.2.8 Administrator will install a High Availability (HA) pair of appliances. The primary and secondary hosts are formatted with the same file system. To ensure compatibility between hosts, which statement is considered a prerequisite?
A. The size of the /home partition on the secondary must be larger than the /home partition of the primary.
B. The size of the /var/opt/ha on the secondary must be larger than the /var/opt/ha partition of the primary.
C. The size of the /store partition on the secondary must be lesser than the /store partition of the primary.
D. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.
D. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.
Store partition requirements: the secondary host's /store partition must be at least as large as the primary's. For example, do not pair a primary host that uses a 3 TB /store partition with a secondary host that has a 2 TB /store partition.
Question 88:
An IBM Security QRadar SIEM V7.2.8 Administrator is assigned to a company that is looking to add QRadar to its current network. The company has requirements for 250,000 FPM, 15,000 EPS and FIPS. Which QRadar appliance solution will support these requirements?
A. QRadar 3128-C with Basic License
B. QRadar 2100-C with Basic License
C. QRadar 3128-C with Upgraded License
D. QRadar 2100-C with Upgraded License
C. QRadar 3128-C with Upgraded License
The upgraded license of the QRadar 3128-C supports 300k FPM and 15,000 EPS, and the appliance supports FIPS. Therefore the QRadar 3128-C with an upgraded license is the best choice for the company.
Question 89:
What are the four categories of notifications found in IBM Security QRadar SIEM V7.2.8 system notifications?
A. Errors, Critical, Minor and Information
B. Errors, Warning, Information, and Health
C. Warning, Information, System and Critical
D. Errors, Warning, Information, and Performance
B. Errors, Warning, Information, and Health
Question 90:
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named User1 from a reference set with the name "Allowed Users" from the command line interface. Which command will accomplish this?
A. ./UtilReferenceSet.sh purge "Allowed Users" User1
B. ./ReferenceSetUtil.sh purge "Allowed Users" User1
C. ./ReferenceSetUtil.sh delete "Allowed\ Users" User1
D. ./UtilReferenceSet.sh delete "Allowed\ Users" User1
B. ./ReferenceSetUtil.sh purge "Allowed Users" User1
ReferenceSetUtil.sh purge is the correct syntax for the command. It deletes the specific value you name from the given reference set.