
File Info

Exam IBM Security QRadar SIEM V7.2.7 Deployment
Number C2150-614
File Name IBM.C2150-614.PracticeTest.2018-08-01.35q.vcex
Size 540 KB
Posted Aug 01, 2018

Demo Questions

Question 1

A customer with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up.
What will happen to these users?


  1. Local users are able to log in with their local password.
  2. Active Directory users are able to log in with their password.
  3. Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.
  4. Logging on is restricted to administrative users, and non-administrative users will need to wait until the authentication server comes back online.
Correct answer: D
Explanation:
QRadar provides authentication options for both local and external authentication methods, such as Active Directory or LDAP. 
The QRadar Administrative roles have both the external and local authentication methods available in case the external authentication method fails. If the remote authentication fails, the Administrative users can log in using the local password.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21959344



Question 2

Which CLI command should be used to change the default password from PASSWORD to S3cure for the username USERID?


  1. /opt/ibm/toolscenter/asu/asu set IMM. Password S3cure --ksu
  2. /opt/ibm/toolscenter/asu/asu set IMM. Password.1 S3cure --ksu
  3. /opt/ibm/toolscenter/asu/asu64 set IMM. Password S3cure -- ksu
  4. /opt/ibm/toolscenter/asu/asu64 set IMM.Password.1 S3cure -- ksu
Correct answer: D
Explanation:
To reset the IMM password use the following command:
/opt/ibm/toolscenter/asu64 set IMM.Password.1 NewPassword --kcs 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21964070



Question 3

A Deployment Professional is performing a new deployment, and the customer wants to monitor network traffic by sending raw data packets from a network device to IBM Security QRadar SIEM V7.2.7.
Which method should be used?


  1. AGP card
  2. Napatech card
  3. SFlow protocol
  4. NetFlow protocol
Correct answer: B
Explanation:
You can monitor network traffic by sending raw data packets to an IBM QRadar QFlow Collector 1310 appliance. The QRadar QFlow Collector uses a dedicated Napatech monitoring card to copy incoming packets from one port on the card to a second port that connects to an IBM Security QRadar Packet Capture appliance.
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qflow_forward_pcap.html



Question 4

A Deployment Professional was asked to investigate the following error:
Custom Rule Engine has detected a total of 20487 dropped event(s). 20487 event(s) were dropped in the last 62 seconds. Queue is at 99 percent capacity 
The Deployment Professional needs to run the command 
“/opt/qradar/bin/findExpensiveCustomRules.sh” to gather the necessary troubleshooting logs. 
When should this command be run?


  1. Right after a reboot
  2. Run “service hostcontext restart” first
  3. While the system is dropping events
  4. Restart ECS, then run command
Correct answer: C
Explanation:
The "findExpensiveCustomRules.sh" script is designed to query the QRadar data pipeline and report on the processing statistics from the Custom Rules Engine (CRE). The script monitors metrics and collects statistics on how many events hit each rule, how long it takes to process a rule, total execution time and average execution time. When the script completes, it turns off these performance metrics. The findExpensiveCustomRules script is a useful tool for creating on-demand reports on rule performance; it is not a tool for tracking historical rule data in QRadar. The script is typically run when users begin to see events being dropped or routed to storage between components in QRadar.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21985252&myns=swgother&mynp=OCSSBQAC&mync=R&cm_sp=swgother-_-OCSSBQAC-_-R



Question 5

A current banking customer has just expanded by purchasing a small rural bank with a low bandwidth WAN connection. 
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to capture log events from the newly acquired branch and to forward them on a schedule, after hours during the trough of activity to the main branch. There is plenty of room for this additional EPS growth. 
Which device will meet the requirements?


  1. 1202 QFlow Collector
  2. 1400 Data Node
  3. 1501 Event Collector
  4. 1605 Event Processor
Correct answer: D
Explanation:
The IBM Security QRadar Event Processor 1605 (MTM 4380-Q1E) appliance is a dedicated event processor that you can use to scale your QRadar deployment to manage higher EPS rates. The QRadar Event Processor 1605 appliance includes an on-board event collector, event processor, and internal storage for events.
With the Basic License the capacity is 2500 EPS, and with an upgrade license it is 20000 EPS. 
Incorrect Answers:
A: The IBM Security QRadar QFlow Collector 1202 (MTM 4380-Q3C) appliance provides high capacity and scalable Layer 7 application data collection for distributed deployments.
B: The IBM Security QRadar 1400 Data Node (MTM 4380-Q1E) appliance provides a scalable data storage solution for QRadar deployments. The QRadar 1400 Data Node enhances the data retention capabilities of a deployment and augments overall query performance.
C: The IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance is a dedicated event collector. By default, a dedicated event collector collects and parses events from various log sources and continuously forwards these events to an event processor. The capacity is 15000 events per second.
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_evt_prcssr1605.html



Question 6

What is the impact on network bandwidth when selecting 'Global' on a rule instead of 'Local' in a distributed environment?


  1. All events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.
  2. All matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.
  3. All events are sent to each QRadar Event Processor for processing and therefore, all Events Processors use more bandwidth.
  4. All matching events are sent to each QRadar Event Processor for processing and therefore, all Event Processor use more bandwidth.
Correct answer: B
Explanation:
If you select Local, all rules are processed on the Event Processor on which they were received and offenses are created only for the events that are processed locally. 
If you select Global, all matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth and processing resources. 
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html



Question 7

A Deployment Professional using IBM Security QRadar SIEM V7.2.7 needs to discover all mail servers, but some of the mail servers are listening on TCP port 10025. 
Which server type and port could be configured in server discovery to accomplish this goal?


  1. Mail Servers predefined server type should be used.
  2. Application predefined server type with destination port 10025 only should be used.
  3. Mail Servers predefined server type with destination port 10025 added to BB:PortDefinition: Mail Ports should be used.
  4. Application Servers predefined server type with destination port 10025 added to BB:PortDefinition: Mail Ports should be used.
Correct answer: C
Explanation:
Use the BB:PortDefinition: Mail Ports building block to include all common ports used by mail servers.
References: Juniper Security Threat Response Manager STRM Log Manager Users Guide Release 2012.0, page 159



Question 8

A Deployment Professional is looking over event and flow data for a new customer and sees that the customer is hitting 4,000 EPS/300,000 FPM, with bursts of up to 5,000 EPS/400,000 FPM. The customer is asking for the least amount of appliances to be installed to handle this traffic without any throttling. 
Which combination should be installed?


  1. Install the IBM Security QRadar 3105 (Console) and add a QRadar 1805
  2. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1705
  3. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1828
  4. Install the IBM Security QRadar 3105 (Console) and add a QRadar Event Processor 1605
Correct answer: B
Explanation:
The QRadar 3105 (All-in-One) appliance requires external QRadar QFlow Collectors for layer 7 network activity monitoring. 
With an upgraded license the QRadar Flow Processor 1705 supports 600,000 FPM, depending on traffic types.
Note: The IBM Security QRadar 3105 (All-in-One) (MTM 4380-Q1E) appliance is an all-in-one QRadar system that can profile network behavior and identify network security threats.
With a basic license it supports 25,000 FPM and 1000 EPS. 
With an upgraded license it supports 200,000 FPM and 5000 EPS.  
Incorrect Answers:
A: With an upgraded license the QRadar 1805 supports 200,000 FPM and 5,000 EPS.
C: With an upgraded license the QRadar Flow Processor 1828 supports 300,000 FPM.
D: QRadar Event Processor 1605 is not a Flow Collector.
References: 
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_3105_allone_base.html
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_flow_prcssr1705.html



Question 9

A Deployment Professional has received complaints from a customer stating that events from a satellite location in Hong Kong are being delayed, which is affecting records processing. The Deployment Professional wants to improve event transfer from that location to the IBM Security QRadar SIEM V7.2.7 Console in Mexico.
Which appliance could be installed in the satellite location to accomplish this goal?


  1. Data Node
  2. Flow Collector
  3. Event Collector
  4. Event Processor
Correct answer: C
Explanation:
An Event Collector is an appliance for collecting events in remote locations for periodic forwarding to an Event Processor or an all-in-one appliance. 
An example is the IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance, which is a dedicated event collector. By default, a dedicated event collector collects and parses events from various log sources and continuously forwards these events to an event processor.
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_eventcllctr1501.html



Question 10

A Deployment Professional needs to create and share a saved search with other users. 
What are the requirements for this action?


  1. The user must be in the Admin role, and the saved search must have at least one “Grouped By” field.
  2. Any user can share a saved search that must have exactly one “Grouped by” field.
  3. The user must be in the Admin role, and the saved search must have at least one “[indexed]” field.
  4. Any user can share a saved search that must contain at least one “Grouped By” and one “[indexed]” field.
Correct answer: A
Explanation:
Create and share the Search Criteria that the Dashboard Item will use.
The user account initiating this process must be in the Admin User Role. Only users in the Admin User Role have the ability to share saved Search Criteria. 
Assign Search to Group(s): Select the check box for the group you want to assign this saved search. If you do not select a group, this saved search is assigned to the Other group by default.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21679314


