IBM C2150-614 Exam Practice Questions (P. 3)
Question #11
A Deployment Professional has a reference list of usernames that is used in rules. The Deployment Professional needs to be able to remove a username from the reference list when an offense is detected from a log event.
How can a Deployment Professional accomplish this goal?
- A. As a rule response, select update Reference Set option
- B. As a rule response, select remove from Reference Set option
- C. As a rule response, select execute custom action in order to call REST-API: UPDATE: /reference_data/sets/{name}
- D. As a rule response, select execute custom action in order to call REST-API:
Correct Answer:
B
On the Rule Responses page of the customer rule, configure the responses that you want this rule to generate.
The rule response parameters include Remove from Reference Set, which is used to remove data from a reference set.
A reference set is a set of elements, such as a list of IP addresses or user names, that are derived from events and flows occurring on your network.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html
Question #12
A Deployment Professional has created a new Building Block (BB), and it's not returning any expected events. The Deployment Professional has checked to ensure the BB is enabled and active. No errors are returned.
What should be done to correct this BB problem?
- A. Add your new custom BB to the "System: Load Building Blocks" rule
- B. Ensure that the BB has been set to "use" and a Deploy Full Configuration was done
- C. Make sure that you use "Global System" so that all of the QRadar deployment uses it
- D. Manually enter in all QIDs of the events it will monitor so it will automatically be used
Correct Answer:
A
Note: Question -
Will a building block of type: Common work when added to 'System: Load Building Blocks'?
Answer -
The rule, System: Load Building Blocks is an Event only rule. If a building block is created from Type: Common, which includes both Events and Flows, and is then added to the System: Load Building Blocks rule, it will load, but will only reflect Event offenses and not Flow offenses. Flow offenses can be triggered when using Flow rules, which are then bound to the building block used in a Flow rule.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21963724
Question #13
A Deployment Professional has come on-site to upgrade an IBM Security QRadar SIEM V7.2.7 deployment to a new fix level. Before running the upgrade, the software and fix versions must be verified.
What must the Deployment Professional verify?
- A. Appliances in a deployment must be same version and same fix level.
- B. Appliances in a deployment could be different version and different fix level.
- C. Appliances in a deployment must be same version but fix level could be different.
- D. Appliances in a deployment could be different version but fix level must be the same.
Correct Answer:
A
Software versions for all IBM Security QRadar appliances in a deployment must be same version and fix level. Deployments that use different QRadar versions of software are not supported.
References: IBM Security QRadar Version 7.2.7 Upgrade Guide, page 1
http://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.7/en/b_qradar_upgrade.pdf
Question #14
A Deployment Professional has been asked to create a new dashboard which consists of utilizing a saved search.
Which box should be checked when creating this search?
- A. Add to my Dashboard
- B. Include in my Dashboard
- C. Add to my Dashboard items
- D. Include in my Quick Searches
Correct Answer:
B
When you create a Search there is a parameter, Include in my Dashboard, which must be selected to include the data from your saved search on the Dashboard tab.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21679314#create
Question #15
A Deployment Professional is alerted that flows between two assets within a local network are communicating at a higher rate than normal between midnight and 2 a.m. The Deployment Professional is asked to determine why this is occurring and decides to create an alert that will send a notification when the communication happens again.
Which action could be used?
- A. Run an AQL query
- B. Perform Quick search
- C. Perform Custom search
- D. Create rule to test for events/flows
Correct Answer:
D
IBM Security QRadar includes rules that detect a wide range of activities, including excessive firewall denies, multiple failed login attempts, and potential botnet activity. You can also create your own rules to detect unusual activity.