IBM C2150-614 Exam Practice Questions (P. 5)
Question #21
What is the impact on network bandwidth when selecting 'Global' on a rule instead of 'Local' in a distributed environment?
- A. All events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.
- B. All matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.
- C. All events are sent to each QRadar Event Processor for processing and therefore, all Event Processors use more bandwidth.
- D. All matching events are sent to each QRadar Event Processor for processing and therefore, all Event Processors use more bandwidth.
Correct Answer:
B
If you select Local, all rules are processed on the Event Processor on which they were received and offenses are created only for the events that are processed locally.
If you select Global, all matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth and processing resources.
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html
Question #22
A Deployment Professional using IBM Security QRadar SIEM V7.2.7 needs to discover all mail servers, but some of the mail servers are listening on TCP port 10025.
Which server type and port could be configured in server discovery to accomplish this goal?
- A. Mail Servers predefined server type should be used.
- B. Application predefined server type with destination port 10025 only should be used.
- C. Mail Servers predefined server type with destination port 10025 added to BB:PortDefinition: Mail Ports should be used.
- D. Application Servers predefined server type with destination port 10025 added to BB:PortDefinition: Mail Ports should be used.
Correct Answer:
C
Use the BB:PortDefinition: Mail Ports building block to include all common ports used by mail servers.
References: Juniper Security Threat Response Manager STRM Log Manager Users Guide Release 2012.0, page 159
Question #23
A Deployment Professional is looking over event and flow data for a new customer and sees that the customer is hitting 4,000 EPS/300,000 FPM, with bursts of up to 5,000 EPS/400,000 FPM. The customer is asking for the least amount of appliances to be installed to handle this traffic without any throttling.
Which combination should be installed?
- A. Install the IBM Security QRadar 3105 (Console) and add a QRadar 1805
- B. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1705
- C. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1828
- D. Install the IBM Security QRadar 3105 (Console) and add a QRadar Event Processor 1605
Correct Answer:
B
The QRadar 3105 (All-in-One) appliance requires external QRadar QFlow Collectors for layer 7 network activity monitoring.
With an upgraded licence the QRadar Flow Processor 1705 supports 600,000 FPM, depending on traffic types.
Note: The IBM Security QRadar 3105 (All-in-One) (MTM 4380-Q1E) appliance is an all-in-one QRadar system that can profile network behavior and identify network security threats.
With a basic license it supports 25,000 FPM and 1000 EPS.
With an upgraded license it supports 200,000 FPM and 5000 EPS.
Incorrect Answers:
A: With an upgraded licence the QRadar 1805 supports 200,000 FPM and 5,000 EPS.
C: With an upgraded licence the QRadar Flow Processor 1828 supports 300,000 FPM.
D: QRadar Event Processor 1605 is not a Flow Collector.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_3105_allone_base.html
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_flow_prcssr1705.html
Question #24
A Deployment Professional has received complaints from a customer stating that events from a satellite location in Hong Kong are being delayed, which is affecting records processing. The Deployment Professional wants to improve event transfer from that location to the IBM Security QRadar SIEM V7.2.7.
Which appliance could be installed in the satellite location to accomplish this goal?
- A. Data Node
- B. Flow Collector
- C. Event Collector
- D. Event Processor
Correct Answer:
C
An Event Collector is an appliance for collecting events in remote locations for periodic forwarding to an Event Processor or an all-in-one appliance.
An example is the IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance, which is a dedicated event collector. By default, a dedicated event collector collects and parses events from various log sources and continuously forwards these events to an event processor.
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_eventcllctr1501.html
Question #25
A Deployment Professional needs to create and share a saved search with other users.
What are the requirements for this action?
- A. The user must be in the Admin role, and the saved search must have at least one "Grouped By" field.
- B. Any user can share a saved search that must have exactly one "Grouped By" field.
- C. The user must be in the Admin role, and the saved search must have at least one "[indexed]" field.
- D. Any user can share a saved search that must contain at least one "Grouped By" and one "[indexed]" field.
Correct Answer:
A
Create and share the Search Criteria that the Dashboard Item will use.
The user account initiating this process must be in the Admin User Role. Only users in the Admin User Role have the ability to share saved Search Criteria.
Assign Search to Group(s): Select the check box for the group to which you want to assign this saved search. If you do not select a group, this saved search is assigned to the Other group by default.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21679314