Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home IBM C2150-614

IBM C2150-614 Exam Practice Questions (P. 4)

  • Full Access (60 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
A custom with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up.
What will happen to these users?
  1. A
    Local users are able to log in with their local password.
  2. B
    Active Directory users are able to log in with their password.
  3. C
    Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.
  4. D
    Logging on is restricted to administrative users and non-administrative will needed to wait until the authentication server comes back online.

Correct Answer:
D
QRadar provides authentication options for both local and external authentication methods, such as Active Directory or LDAP.
The QRadar Administrative roles have both the external and local authentication methods available in case the external authentication method fails. If the remote authentication fails, the Administrative users can login using the local password.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21959344

Question #17
Which CLI command should be used to change the default password from PASSWORD to S3cure for the username USERID?
  1. A
    /opt/ibm/toolscenter/asu/asu set IMM. Password S3cure --ksu
  2. B
    /opt/ibm/toolscenter/asu/asu set IMM. Password.1 S3cure --ksu
  3. C
    /opt/ibm/toolscenter/asu/asu64 set IMM. Password S3cure -- ksu
  4. D
    /opt/ibm/toolscenter/asu/asu64 set IMM.Password.1 S3cure -- ksu

Correct Answer:
D
To reset the IMM password use the following command:
/opt/ibm/toolscenter/asu64 set IMM.Password.1 NewPassword --kcs
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21964070

Question #18
A Deployment Professional is performing a new deployment, and the customer wants to monitor network traffic by sending raw data packets from a network device to IBM Security QRadar SEAM V7.2.7.
Which method should be used?
  1. A
    AGP card
  2. B
    Napatech card
  3. C
    SFlow protocol
  4. D
    NetFlow protocol

Correct Answer:
B
You can monitor network traffic by sending raw data packets to a IBM QRadar QFlow Collector 1310 appliance. The QRadar QFlow Collector uses a dedicated
Napatech monitoring card to copy incoming packets from one port on the card to a second port that connects to a IBM Security QRadar Packet Capture appliance.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qflow_forward_pcap.html

Question #19
A Deployment Professional was asked to investigate the following error:
Custom Rule Engine has detected a total of 20487 dropped event(s). 20487 event(s) were dropped in the last 62 seconds. Queue is at 99 percent capacity
The Deployment Professional needs to run the command
"/opt/qradar/bin/findExpensiveCustomRules.sh" to gather the necessary troubleshooting logs.
When should this command be run?
  1. A
    Right after a reboot
  2. B
    Run "service hostcontext restart" first
  3. C
    While the system is dropping events
  4. D
    Restart ECS, then run command

Correct Answer:
C
The script "findExpensiveCustomRules.sh" script is designed to query the QRadar data pipeline and report on the processing statistics from the Custom Rules
Engine (CRE). The script monitors metrics and collecting statistics on how many events hit each rule, how long it takes to process a rule, total execution time and average execution time. When the script completes it turns off these performance metrics. The findExpensiveCustomRules script is a useful tool for creating on demand reports for rule performance, it is not a tool for tracking historical rule data in QRadar. The core functionality of this script is often run when users begin to see drops in events or events routed to storage between components in QRadar.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21985252&myns=swgother&mynp=OCSSBQAC&mync=R&cm_sp=swgother-_-OCSSBQAC-
_-R

Question #20
A current banking customer has just expanded by purchasing a small rural bank with a low bandwidth WAN connection.
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to capture log events from the newly acquired branch and to forward them on a schedule, after hours during the trough of activity to the main branch. There is plenty of room for this additional EPS growth.
Which device will meet the requirements?
  1. A
    1202 QFlow Collector
  2. B
    1400 Data Node
  3. C
    1501 Event Collector
  4. D
    1605 Event Processor

Correct Answer:
D
The IBM Security QRadar Event Processor 1605 (MTM 4380-Q1E) appliance is a dedicated event processor that you can scale your QRadar deployment to manage higher EPS rates. The QRadar Event Processor 1605 appliance includes an on-board event collector, event processor, and internal storage for events.
With the Basic License the capacity is 2500 EPS, and with an upgrade license it is 20000 EPS.
Incorrect Answers:
A: The IBM Security QRadar QFlow Collector 1202 (MTM 4380-Q3C) appliance provides high capacity and scalable Layer 7 application data collection for distributed deployments.
B: The IBM Security QRadar 1400 Data Node (MTM 4380-Q1E) appliance provides scalable data storage solution for QRadar deployments. The QRadar 1400
Data Node enhances data retention capabilities of a deployment as well as augment overall query performance.
C: The IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance is a dedicated event collector. By default, a dedicated event collector collects and parses event from various log sources and continuously forwards these events to an event processor. The capacity is 15000 Events per Second.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_evt_prcssr1605.html

Previous Questions Next Questions

All Pages