IBM C2150-614 Exam Practice Questions (P. 2)
Question #6
A customer has an existing complex network infrastructure with many redundant links, and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure SFlow.
What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?
- A. Enable flow forwarding
- B. Disable flow forwarding
- C. Enable asymmetric flows
- D. Disable symmetric flows
Correct Answer:
C
In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing.
However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration.
The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows.
The No option prevents the QRadar QFlow Collector from recombining asymmetric flows.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html
Question #7
In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management Views was increased.
How many additional views were added?
- A. 100
- B. 120
- C. 130
- D. 170
Correct Answer:
D
QRadar 7.2.6 and earlier had a limit of 130 aggregated data views. QRadar 7.2.7 increased the limit to 300 aggregated data views, which is 170 additional views.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21690762
Question #8
Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only.
How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?
- A. The domains must be used with security profiles to limit the available information to a group of users within that domain.
- B. The networks must be used with security profiles to limit the available information to a group of users within that domain.
- C. The multi-tenancy must be configured to isolate the users and then domains will be used to assign log sources and networks to these users.
- D. The multi-tenancy must be configured to allow each company to isolate and control their assets, log sources, users, networks, flows, and dashboards.
Correct Answer:
C
Multitenant environments allow Managed Security Service Providers (MSSPs) and multi-divisional organizations to provide security services to multiple client organizations from a single, shared IBM Security QRadar deployment. You don't have to deploy a unique QRadar instance for each customer.
In a multitenant deployment, you ensure that customers see only their data by creating domains that are based on their QRadar input sources. Then, use security profiles and user roles to manage privileges for large groups of users within the domain. Security profiles and user roles ensure that users have access to only the information that they are authorized to see.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_tenant_mgmt_overview.html
Question #9
A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. It is recommended that the log source level be configured at the notice level by the DSM Guide, but the client has a policy to log all events at a debug level.
The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored.
What should be created to meet this client's goal?
- A. Custom flow property
- B. Custom event property
- C. Custom DSM for parsing overrule
- D. Custom DSM for parsing enhancement
Correct Answer:
D
Parsing Enhancement - When the DSM is unable to parse correctly and the event is categorized as stored, the selected log source extension extends the failing parsing by creating a new event as if the new event came from the DSM.
References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6
Question #10
You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that is generated daily at midnight from a custom application on a Microsoft Windows Server.
Which log source protocol should be used to accomplish this task?
- A. WinCollect MSRPC
- B. WinCollect Agent
- C. WinCollect Log File
- D. WinCollect File Forwarder
Correct Answer:
B
A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The Windows host can gather information from itself (the local host), from remote Windows hosts, or from both.
Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincollect_overview_new.html