File Info

Exam IBM Security QRadar SIEM V7.2.7 Deployment
Number C2150-614
File Name IBM.C2150-614.CertKey.2018-11-09.35q.vcex
Size 470 KB
Posted Nov 09, 2018
Demo Questions

Question 1

A Deployment Professional has detected a big spike in a customer’s “Malware infection detected” rule that monitors their endpoint anti-virus solution. The spike happened over the weekend, but when the rule was checked, it was not changed. Since Monday morning, the rule has spiked and has not yet stopped generating offenses. 
What was added to the customer's QRadar log sources that caused this problem? 


  A. Proxies
  B. Flow Collectors
  C. Domain Controllers
  D. Guest network in their offices
Correct answer: B
Explanation:
Rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response. 
QRadar QFlow Collector passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow. 
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.html
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_rules.html



Question 2

A customer has an existing, complex network infrastructure with many redundant links, and IP packets take different paths for inbound and outbound traffic. A Deployment Professional needs to configure sFlow. 
What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case? 


  A. Enable flow forwarding
  B. Disable flow forwarding
  C. Enable asymmetric flows
  D. Disable symmetric flows
Correct answer: C
Explanation:
In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing, and with it a single session can arrive at QRadar as two unidirectional halves, possibly reported by different flow sources. 
If you want to combine such flows from multiple QRadar QFlow Collector components, you must configure the flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration. 
The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows. 
The No option prevents the QRadar QFlow Collector from recombining asymmetric flows. 
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html
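The following Python model, added here as an illustration and not taken from QRadar or the IBM documentation, shows what the Yes/No choice in the explanation changes: with recombination on, the two halves of a session reported by different flow sources fold into one bidirectional flow; with it off, each half remains a separate unidirectional flow. The collector names, addresses and counters are constructed sample data.

```python
"""Model of QFlow's asymmetric-flow recombination (constructed example, not
QRadar code).  Each unidirectional record is what one flow source / QFlow
Collector sees when inbound and outbound packets take different paths."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]          # (ip, port)


@dataclass
class FlowRecord:
    collector: str      # hypothetical flow-source name that reported this half
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    packets: int
    octets: int


# Constructed sample: one TCP session whose two directions were reported by
# different collectors, plus an unrelated DNS query.
SAMPLE_RECORDS: List[FlowRecord] = [
    FlowRecord("qflow-dmz-1", "10.0.0.5", "203.0.113.10", 6, 51234, 443, 12, 1800),
    FlowRecord("qflow-dmz-2", "203.0.113.10", "10.0.0.5", 6, 443, 51234, 9, 15600),
    FlowRecord("qflow-dmz-1", "10.0.0.7", "198.51.100.20", 17, 40000, 53, 1, 70),
]


def recombine_flows(records: List[FlowRecord], asymmetric: bool = True) -> List[dict]:
    """Merge flow records into flows.

    asymmetric=True  models the 'Yes' option: both directions of a session
                     fold into one bidirectional flow regardless of which
                     collector saw them.
    asymmetric=False models the 'No' option: each direction stays a separate
                     unidirectional flow.
    """
    flows: Dict[tuple, dict] = {}
    for r in records:
        a: Endpoint = (r.src_ip, r.src_port)
        b: Endpoint = (r.dst_ip, r.dst_port)
        # Direction-independent key: order the two endpoints canonically so
        # that A->B and B->A records land on the same flow.
        first, second = tuple(sorted([a, b])) if asymmetric else (a, b)
        key = (r.proto, first, second)
        flow = flows.setdefault(key, {
            "proto": r.proto, "endpoint_a": first, "endpoint_b": second,
            "a_to_b": [0, 0], "b_to_a": [0, 0],   # [packets, octets]
            "sources": set(),
        })
        direction = "a_to_b" if a == first else "b_to_a"
        flow[direction][0] += r.packets
        flow[direction][1] += r.octets
        flow["sources"].add(r.collector)
    return list(flows.values())


if __name__ == "__main__":
    for mode in (True, False):
        flows = recombine_flows(SAMPLE_RECORDS, asymmetric=mode)
        print(f"asymmetric={mode}: {len(flows)} flow(s)")
        for f in flows:
            print("  ", f["endpoint_a"], "<->", f["endpoint_b"],
                  "a_to_b", f["a_to_b"], "b_to_a", f["b_to_a"], sorted(f["sources"]))
```

The practical check after enabling the option is the same as in the model: a session that previously showed up as two flows with zero bytes in one direction should now appear once, with byte and packet counts in both directions.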



Question 3

In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management Views were increased. 
How many additional views were added?


  A. 100
  B. 120
  C. 130
  D. 170
Correct answer: D
Explanation:
QRadar 7.2.6 and earlier allowed at most 130 aggregated data views, and that limit was commonly reached. QRadar 7.2.7 raised the limit to 300 aggregated data views, an increase of 170. 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21690762



Question 4

A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. It is recommended that the log source level be configured at the notice level by the DSM Guide, but the client has a policy to log all events at a debug level. 
The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored. 
What should be created to meet this client's goal?


  A. Custom flow property
  B. Custom event property
  C. Custom DSM for parsing override
  D. Custom DSM for parsing enhancement
Correct answer: D
Explanation:
Parsing Enhancement: when the DSM is unable to parse an event correctly and the event is categorized as stored, the selected log source extension extends the failed parsing by creating a new event as if the new event had come from the DSM. Stored events carry no event name, category or custom properties, so rules cannot correlate them until an extension (or a DSM update) parses them. 
References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6
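The following Python model is added here to show the enhancement behaviour described above; it is not QRadar's DSM or log source extension (LSX) code and does not use the LSX XML format. The log lines, the "NOTICE" format the stand-in DSM understands and the "DEBUG" format the stand-in extension rescues are all constructed for the example.

```python
"""Model of a log source extension used as a parsing enhancement
(constructed example, not QRadar's DSM or LSX implementation)."""
import re
from typing import Callable, List, Optional

Parser = Callable[[str], Optional[dict]]

# Constructed syslog lines from a hypothetical custom app logging at DEBUG level.
SAMPLE_LINES: List[str] = [
    "Jun 12 00:00:01 app01 customapp[412]: NOTICE login user=alice src=10.1.1.5 result=success",
    "Jun 12 00:00:03 app01 customapp[412]: NOTICE login user=mallory src=198.51.100.9 result=failure",
    "Jun 12 00:00:05 app01 customapp[412]: DEBUG privilege change user=mallory role=admin actor=svc-deploy",
    "Jun 12 00:00:09 app01 customapp[412]: DEBUG cache stats hits=1042 misses=7",
]

# The stand-in DSM only knows the NOTICE-level format the vendor documents.
_DSM_NOTICE = re.compile(
    r"NOTICE (?P<event>\w+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)")


def dsm_parse(line: str) -> Optional[dict]:
    """Return a parsed event, or None when the DSM cannot parse the line."""
    m = _DSM_NOTICE.search(line)
    if not m:
        return None
    return {"event_name": f"{m['event']} {m['result']}", "username": m["user"],
            "source_ip": m["src"], "parsed_by": "dsm"}


# The extension only needs patterns for what the DSM misses; here, the
# DEBUG-level privilege-change line the client wants to correlate on.
_LSX_PRIVCHANGE = re.compile(
    r"DEBUG privilege change user=(?P<user>\S+) role=(?P<role>\S+) actor=(?P<actor>\S+)")


def extension_parse(line: str) -> Optional[dict]:
    m = _LSX_PRIVCHANGE.search(line)
    if not m:
        return None
    return {"event_name": "privilege change", "username": m["user"],
            "new_role": m["role"], "actor": m["actor"], "parsed_by": "extension"}


def process(line: str, extension: Optional[Parser] = None) -> dict:
    """Parse one line the way a parsing-enhancement extension is applied."""
    event = dsm_parse(line)
    if event is None and extension is not None:
        # Parsing enhancement: the extension runs only after the DSM failed,
        # and its result is treated as if the DSM had produced it.
        event = extension(line)
    if event is None:
        # Still unparsed: kept as 'Stored', which rules cannot correlate on.
        event = {"event_name": "Stored", "parsed_by": None}
    event["raw"] = line
    return event


def stored_count(lines: List[str], extension: Optional[Parser] = None) -> int:
    return sum(1 for line in lines if process(line, extension)["event_name"] == "Stored")


if __name__ == "__main__":
    print("stored without extension:", stored_count(SAMPLE_LINES))
    print("stored with extension:   ", stored_count(SAMPLE_LINES, extension_parse))
    for line in SAMPLE_LINES:
        ev = process(line, extension_parse)
        print(f"  {ev['parsed_by']!s:9} {ev['event_name']}")
```

Note that the DEBUG "cache stats" line stays stored even with the extension in place: an enhancement only rescues what its patterns match, so the practitioner still checks the stored count after deploying it rather than assuming everything is now parsed.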



Question 5

You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that generated daily at midnight from a custom application on a Microsoft© Windows Server. 
Which log source protocol should be used to accomplish this task?


  A. WinCollect MSRPC
  B. WinCollect Agent
  C. WinCollect Log File
  D. WinCollect File Forwarder
Correct answer: B
Explanation:
A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The Windows host running the agent can gather information from itself (the local host), from remote Windows hosts, or both. 
Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events. 
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincollect_overview_new.html



Question 6

A Deployment Professional has a reference list of usernames that is used in rules. The Deployment Professional needs to be able to remove a username from the reference list when an offense is detected from a log event. 
How can a Deployment Professional accomplish this goal?


  A. As a rule response, select the Update Reference Set option
  B. As a rule response, select the Remove from Reference Set option
  C. As a rule response, select Execute Custom Action in order to call the REST API: 
    UPDATE: /reference_data/sets/{name}
  D. As a rule response, select Execute Custom Action in order to call the REST API: 
    REMOVE: /reference_data/sets/{name}/{value}
Correct answer: B
Explanation:
On the Rule Responses page of the custom rule, configure the responses that you want this rule to generate. 
The rule response parameters include Remove from Reference Set, which removes data from a reference set; no custom action or REST API call is needed for this case. 
A reference set is a set of elements, such as a list of IP addresses or user names, that are derived from events and flows occurring on your network. 
References: 
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html
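The built-in rule response is the right answer for this question. For cases where a reference set must be changed from outside a rule (a custom action script, an enrichment job), the following Python client, added here as an example and not part of QRadar or the IBM documentation, shows what the two REST API distractor options get wrong: the QRadar API removes a value with an HTTP DELETE on /api/reference_data/sets/{name}/{value} and adds one with a POST on /api/reference_data/sets/{name}?value=..., authenticated with an authorized-service token in the SEC header. The console hostname, token, set name, user value and the default API Version header value are assumptions for the example; the transport is injectable so the block runs offline.

```python
"""Minimal QRadar reference-set client (added example, not IBM code).

Assumptions: console host, token and set name are placeholders; the API
'Version' header value is a deployment-specific assumption and should match
the API version your console advertises."""
import json
import os
from typing import Callable, Optional, Tuple
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

Transport = Callable[[str, str], Tuple[int, Optional[object]]]


class ReferenceSetClient:
    def __init__(self, console: str, token: str, api_version: str = "7.0",
                 send: Optional[Transport] = None):
        self.base = f"https://{console}/api"
        # SEC carries the authorized-service token; never put it in the URL.
        self.headers = {"SEC": token, "Version": api_version, "Accept": "application/json"}
        self._send = send or self._http_send

    def _http_send(self, method: str, url: str) -> Tuple[int, Optional[object]]:
        """Real transport. Relies on the console presenting a trusted TLS cert."""
        req = Request(url, method=method, headers=self.headers)
        with urlopen(req, timeout=30) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)

    def _set_url(self, set_name: str) -> str:
        # safe='' so spaces and slashes in a set name are percent-encoded too.
        return f"{self.base}/reference_data/sets/{quote(set_name, safe='')}"

    def get(self, set_name: str):
        return self._send("GET", self._set_url(set_name))

    def add_value(self, set_name: str, value: str):
        # POST /reference_data/sets/{name}?value=<value>
        return self._send("POST", f"{self._set_url(set_name)}?{urlencode({'value': value})}")

    def remove_value(self, set_name: str, value: str):
        # DELETE /reference_data/sets/{name}/{value}; the value is a path
        # segment, so it must be percent-encoded (e.g. '@' -> '%40').
        return self._send("DELETE", f"{self._set_url(set_name)}/{quote(value, safe='')}")


def recording_transport(calls: list) -> Transport:
    """Offline stand-in for the HTTP transport: records (method, url)."""
    def send(method: str, url: str):
        calls.append((method, url))
        return 200, None
    return send


if __name__ == "__main__":
    # Offline demonstration with constructed values; swap in a real token via
    # the environment and drop the 'send=' argument to talk to a console.
    calls: list = []
    client = ReferenceSetClient("qradar.example.net",
                                os.environ.get("QRADAR_SEC_TOKEN", "placeholder-token"),
                                send=recording_transport(calls))
    client.remove_value("Privileged Users", "alice@corp.example")
    client.add_value("Privileged Users", "bob@corp.example")
    for method, url in calls:
        print(method, url)
```

Two practitioner caveats follow from the code: the token belongs in an authorized service with only the reference-data permissions the script needs, and the value goes through quote() because user names and e-mail addresses routinely contain characters that are not valid in a raw URL path segment.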



Question 7

A Deployment Professional has created a new Building Block (BB), and it's not returning any expected events. The Deployment Professional has checked to ensure the BB is enabled and active. No errors are returned. 
What should be done to correct this BB problem?


  A. Add your new custom BB to the “System: Load Building Blocks” rule 
  B. Ensure that the BB has been set to “use” and a Deploy Full Configuration was done
  C. Make sure that you use “Global System” so that all of the QRadar deployment uses it
  D. Manually enter all QIDs of the events it will monitor so it will automatically be used
Correct answer: A
Explanation:
Note (from the referenced technote):
Q: Will a building block of type Common work when added to “System: Load Building Blocks”?
A: The rule System: Load Building Blocks is an Event-only rule. If a building block is created from Type: Common, which includes both Events and Flows, and is then added to the System: Load Building Blocks rule, it will load, but will only reflect Event offenses and not Flow offenses. Flow offenses can be triggered when using Flow rules, which are then bound to the building block used in a Flow rule. 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21963724



Question 8

A Deployment Professional has come on-site to upgrade an IBM Security QRadar SIEM V7.2.7 deployment to a new fix level. Before running the upgrade, the software and fix versions must be verified. 
What must the Deployment Professional verify?


  A. Appliances in a deployment must be the same version and the same fix level.
  B. Appliances in a deployment could be different versions and different fix levels.
  C. Appliances in a deployment must be the same version, but the fix level could be different.
  D. Appliances in a deployment could be different versions, but the fix level must be the same.
Correct answer: A
Explanation:
Software versions for all IBM Security QRadar appliances in a deployment must be the same version and fix level. Deployments that mix different QRadar software versions are not supported, so check every managed host, not only the console, before starting. 
References: IBM Security QRadar Version 7.2.7 Upgrade Guide, page 1
http://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.7/en/b_qradar_upgrade.pdf



Question 9

A Deployment Professional has been asked to create a new dashboard which consists of utilizing a saved search. 
Which box should be checked when creating this search?


  A. Add to my Dashboard
  B. Include in my Dashboard
  C. Add to my Dashboard items
  D. Include in my Quick Searches
Correct answer: B
Explanation:
When you create a search, there is a parameter Include in my Dashboard, which must be selected to include the data from your saved search on the Dashboard tab. 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21679314#create



Question 10

A Deployment Professional is performing a new deployment, and the customer wants to monitor network traffic by sending raw data packets from a network device to IBM Security QRadar SIEM V7.2.7. 
Which method should be used? 


  A. AGP card
  B. Napatech card
  C. sFlow protocol
  D. NetFlow protocol
Correct answer: B
Explanation:
You can monitor network traffic by sending raw data packets to an IBM QRadar QFlow Collector 1310 appliance. The QRadar QFlow Collector uses a dedicated Napatech monitoring card to copy incoming packets from one port on the card to a second port that connects to an IBM Security QRadar Packet Capture appliance. sFlow and NetFlow, by contrast, deliver sampled or summarized flow records rather than the raw packets themselves. 
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qflow_forward_pcap.html
