IBM C2150-614 Exam Practice Questions (P. 4)
Question #16
A customer with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up.
What will happen to these users?
- A. Local users are able to log in with their local password.
- B. Active Directory users are able to log in with their password.
- C. Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.
- D. Logging on is restricted to administrative users, and non-administrative users will need to wait until the authentication server comes back online.
Correct Answer:
D
QRadar provides authentication options for both local and external authentication methods, such as Active Directory or LDAP.
The QRadar Administrative roles have both the external and local authentication methods available in case the external authentication method fails. If the remote authentication fails, the Administrative users can log in using the local password.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21959344
Question #17
Which CLI command should be used to change the default password from PASSWORD to S3cure for the username USERID?
- A. /opt/ibm/toolscenter/asu/asu set IMM. Password S3cure --ksu
- B. /opt/ibm/toolscenter/asu/asu set IMM. Password.1 S3cure --ksu
- C. /opt/ibm/toolscenter/asu/asu64 set IMM. Password S3cure -- ksu
- D. /opt/ibm/toolscenter/asu/asu64 set IMM.Password.1 S3cure -- ksu
Correct Answer:
D
To reset the IMM password use the following command:
/opt/ibm/toolscenter/asu64 set IMM.Password.1 NewPassword --kcs
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21964070
Question #18
A Deployment Professional is performing a new deployment, and the customer wants to monitor network traffic by sending raw data packets from a network device to IBM Security QRadar SIEM V7.2.7.
Which method should be used?
- A. AGP card
- B. Napatech card
- C. SFlow protocol
- D. NetFlow protocol
Correct Answer:
B
You can monitor network traffic by sending raw data packets to an IBM QRadar QFlow Collector 1310 appliance. The QRadar QFlow Collector uses a dedicated Napatech monitoring card to copy incoming packets from one port on the card to a second port that connects to an IBM Security QRadar Packet Capture appliance.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qflow_forward_pcap.html
Question #19
A Deployment Professional was asked to investigate the following error:
Custom Rule Engine has detected a total of 20487 dropped event(s). 20487 event(s) were dropped in the last 62 seconds. Queue is at 99 percent capacity
The Deployment Professional needs to run the command "/opt/qradar/bin/findExpensiveCustomRules.sh" to gather the necessary troubleshooting logs.
When should this command be run?
- A. Right after a reboot
- B. Run "service hostcontext restart" first
- C. While the system is dropping events
- D. Restart ECS, then run command
Correct Answer:
C
The "findExpensiveCustomRules.sh" script is designed to query the QRadar data pipeline and report on the processing statistics from the Custom Rules Engine (CRE). The script monitors metrics and collects statistics on how many events hit each rule, how long it takes to process a rule, total execution time and average execution time. When the script completes, it turns off these performance metrics. The findExpensiveCustomRules script is a useful tool for creating on-demand reports for rule performance; it is not a tool for tracking historical rule data in QRadar. The core functionality of this script is often run when users begin to see drops in events or events routed to storage between components in QRadar.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21985252&myns=swgother&mynp=OCSSBQAC&mync=R&cm_sp=swgother-_-OCSSBQAC-_-R
Question #20
A current banking customer has just expanded by purchasing a small rural bank with a low bandwidth WAN connection.
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to capture log events from the newly acquired branch and to forward them on a schedule, after hours during the trough of activity to the main branch. There is plenty of room for this additional EPS growth.
Which device will meet the requirements?
- A. 1202 QFlow Collector
- B. 1400 Data Node
- C. 1501 Event Collector
- D. 1605 Event Processor
Correct Answer:
D
The IBM Security QRadar Event Processor 1605 (MTM 4380-Q1E) appliance is a dedicated event processor that you can use to scale your QRadar deployment to manage higher EPS rates. The QRadar Event Processor 1605 appliance includes an on-board event collector, event processor, and internal storage for events.
With the Basic License the capacity is 2500 EPS, and with an upgrade license it is 20000 EPS.
Incorrect Answers:
A: The IBM Security QRadar QFlow Collector 1202 (MTM 4380-Q3C) appliance provides high capacity and scalable Layer 7 application data collection for distributed deployments.
B: The IBM Security QRadar 1400 Data Node (MTM 4380-Q1E) appliance provides a scalable data storage solution for QRadar deployments. The QRadar 1400 Data Node enhances the data retention capabilities of a deployment and augments overall query performance.
C: The IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance is a dedicated event collector. By default, a dedicated event collector collects and parses events from various log sources and continuously forwards these events to an event processor. The capacity is 15000 Events per Second.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_evt_prcssr1605.html