IBM C2150-620 Exam Practice Questions (P. 2)
Question #6
A System Administrator notices a large amount of bandwidth being used by one of the web application servers on an unexpected destination port.
Which method can the System Administrator use to review a sample of that traffic?
- A. Add an event filter for the IP address in question and assign it a packet capture response.
- B. Start a capture after adding filters specifying the source IP address and destination port.
- C. Use the tcpdump command to generate a capture and specify the src host and dst port values.
- D. Create an NAP rule specifying the source host address, web application, and a capture response.
Correct Answer:
B
Question #7
A System Administrator needs to create a pcap capture file which contains the FTP traffic inspected by the XGS and therefore has enabled the FTP_Get signature in the Default IPS Object.
Which other action needs to be performed to ensure that the desired capture file is available in the Local Management Interface (LMI) for this event only?
- A. Select "Log With Raw" on the FTP_Get signature that was enabled.
- B. Configure "Capture Connection" on the Response tab for the Default IPS Object.
- C. Enable the tools>capture>pinterface from the command line filtering by FTP_Get event.
- D. Configure "Capture Connection" on the Response tab for an IPS Event Filter Policy rule for FTP_Get event.
Correct Answer:
A
Log With Raw is a feature of XGS that logs a summary and the associated packet capture for the IPS event or OpenSignature event. The content of the packet capture is displayed in SiteProtector through the Event Details, which can be used for network forensics and investigation.
References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, page 260
Question #8
A Security Administrator wants to block access to streaming video on a news website.
Which object should be used and how should it be configured?
- A. Use an IP Reputation object with the streaming video option enabled.
- B. Use a URL Category object with the News/Magazine category enabled.
- C. Use a Web application object with the stream/download action for the website.
- D. Use a URL Category object with the News/Magazine category enabled and a Non-Web application with video streaming protocols.
Correct Answer:
C
Use Web Application objects to control access to categorized types of web-based applications and to control how people use them on your network. The Network Protection database provides an indexed list of Web Application categories that you can block or limit access to on your network. These categories include web mail, social networking, and gaming sites.
In addition to blocking or limiting these site categories, you can prohibit users from performing specific actions on many of these sites. You can allow users to view social media sites such as YouTube or Flickr, but not allow users to post to them. Or you can allow users to view and to post to networking sites, such as Facebook or Myspace, but not to upload photos or to play games.
Example: Block video on cnn.com
On the Web Applications tab, click the Filter button and create a filter.
The Filter returns a list of Web Applications with news content and the associated Actions. Add cnn.com - Stream/Download to the Added Web Application Actions list. Click Save Configuration.
Etc.
References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition, Version 2.0, pages 74-78
Question #9
A System Administrator wants to create an IPS Policy using X-Force recommended signatures, but does not want any signatures to be used in a blocking mode.
Which configuration option within the IPS Policy will provide this capability?
- A. Edit the IPS Policy object and uncheck 'Enable X-Force Protection Level Blocking'.
- B. Edit the IPS Policy object and set 'Enable X-Force Protection Level Signatures' to 'None'.
- C. Edit the IPS Policy object and set 'Enable X-Force Protection Level Signatures' to 'Moderate'.
- D. Edit the IPS Policy object and set 'Enable X-Force Protection Level Signatures' to 'Aggressive'.
Correct Answer:
B
X-Force Virtual Patch Protection Levels
✑ None
Do not enable any signatures by default. This option is for a user that wants complete control over which signatures get enabled.
Question #10
A System Administrator of a banking organization has become aware of some malicious traffic to its IBM Security Network Protection (XGS) appliance. The logs show patterns of a Denial of Service (DoS) attack and a lot of encrypted packets targeted to the M.1 port of the XGS appliance coming from an internal laptop IP address.
What should the System Administrator do next?
- A. Configure Management access policy to restrict access.
- B. Configure Inbound SSL policy to inspect and drop such traffic.
- C. Configure Management access policy to set the management port as TCP reset port.
- D. Configure Network access policy and Intrusion Prevention Policy to block DoS attacks.
Correct Answer:
B