Download IBM.C2150-614.VCEplus.2019-02-23.60q.vcex

Download Exam

File Info

Exam IBM Security QRadar SIEM V7.2.7 Deployment
Number C2150-614
File Name IBM.C2150-614.VCEplus.2019-02-23.60q.vcex
Size 574 KB
Posted Feb 23, 2019
Download IBM.C2150-614.VCEplus.2019-02-23.60q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

A client has reached the maximum of 5000 EPS for their 3128 All-in-One appliance. They have just completed an acquisition of a competitor company and would like to get them on-board with collecting events for correlation in QRadar. It has been determined that the newly acquired company has a large number of log sources, and it is estimated that its total EPS will be approx. 22000 EPS. 
What will meet the hardware requirements when changing to a distributed environment?


  1. 1605 Event Processor
  2. 1622 Event Processor
  3. 1624 Event Processor
  4. 1628 Event Processor
Correct answer: D
Explanation:
QRadar Event Processor 1628, with a Basic Licence, can process 2500 events per second (EPS), and with Upgraded license it can process 40,000 events per second. Incorrect Answers:A: QRadar Event Processor 1605 has a maximum capacity of events per second.C: QRadar Event Processor 1624, with a Basic License, can process 2500 events per second (EPS), and with Upgraded license it can process only 20,000 events per second.References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_hwg_1628.html
QRadar Event Processor 1628, with a Basic Licence, can process 2500 events per second (EPS), and with Upgraded license it can process 40,000 events per second. 
Incorrect Answers:
A: QRadar Event Processor 1605 has a maximum capacity of events per second.
C: QRadar Event Processor 1624, with a Basic License, can process 2500 events per second (EPS), and with Upgraded license it can process only 20,000 events per second.
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_hwg_1628.html



Question 2

A Deployment Professional is asked to schedule the forwarding of events when the network is quiet, usually around 2 to 3 a.m. console time. The customer states that there is no restriction to bandwidth on the available 1 Gbp/s WAM connection during this time. 
Which value should be used for the forward transfer rate?


  1. 0
  2. 1
  3. 1,000,000
  4. 10,000,000
Correct answer: A
Explanation:
For the forward transfer rate, a value of 0 means that the transfer rate is unlimited. References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_create_store_fwd_sch.html
For the forward transfer rate, a value of 0 means that the transfer rate is unlimited. 
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_create_store_fwd_sch.html



Question 3

A Deployment Professional working with IBM Security QRadar SIEM V7.2.7 is noticing system notifications relating to performance degradation of the CRE relating to expensive rules. Upon locating the rules that are being expensive they need to be modified to no longer trigger this notification. 
What are three causes for a rule to become expensive? (Choose three.)


  1. Containing payload matches tests
  2. Rule consisting of a large scope
  3. Containing payload contains tests
  4. Rule consisting of a narrow scope
  5. Utilizing non-standard regular expressions
  6. Utilizing non-optimized regular expressions
Correct answer: BCF
Explanation:
A user can create a custom rule that has a large scope, uses a regex pattern that is not efficient, includes Payload contains tests, or combines the rule with regular expressions. When this custom rule is used, it negatively impacts performance, which can cause events to be incorrectly routed directly to storage. Events are indexed and normalized but they don't trigger alerts or offenses. References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/38750120.html
A user can create a custom rule that has a large scope, uses a regex pattern that is not efficient, includes Payload contains tests, or combines the rule with regular expressions. When this custom rule is used, it negatively impacts performance, which can cause events to be incorrectly routed directly to storage. Events are indexed and normalized but they don't trigger alerts or offenses. 
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/38750120.html



Question 4

A Deployment Professional is working with IBM Security QRadar SIEM V7.2.7. for a new customer that is trying to create their network hierarchy. The customer currently has more than the maximum of 1,000 network objects and CIDR ranges. A few of the CIDRs of the customer are:
  • 209.60.128.0/24 
  • 209.60.129.0/24 
  • 209.60.130.0/24 
  • 209.60.131.0/24 
Which supernet should be used to shrink the amount of network objects for the supplied group of CIDRs?


  1. 209.60.128.0/22
  2. 209.60.129.0/23
  3. 209.60.128.0/23
  4. 209.60.127.0/27
Correct answer: C
Explanation:
Supernetting, also called Classless Inter-Domain Routing (CIDR), is a way to aggregate multiple Internet addresses of the same class.  Using supernetting, the network address 209.60.128.0/24 and an adjacent address 209.60.129.0/24 can be merged into 209.60.128.0/23. The "23" at the end of the address says that the first 23 bits are the network part of the address, leaving the remaining nine bits for specific host addresses. References: http://searchnetworking.techtarget.com/definition/supernetting
Supernetting, also called Classless Inter-Domain Routing (CIDR), is a way to aggregate multiple Internet addresses of the same class.  
Using supernetting, the network address 209.60.128.0/24 and an adjacent address 209.60.129.0/24 can be merged into 209.60.128.0/23. The "23" at the end of the address says that the first 23 bits are the network part of the address, leaving the remaining nine bits for specific host addresses. 
References: http://searchnetworking.techtarget.com/definition/supernetting



Question 5

A Deployment Professional has detected a big spike in a customer’s “Malware infection detected” rule that monitors their endpoint anti-virus solution. The spike happened over the weekend, but when the rule was checked, it was not changed. Since Monday morning, the rule has spiked and has not yet stopped generating offenses. 
What was added to the customer's QRadar log sources that caused this problem?


  1. Proxies
  2. Flow Collectors
  3. Domain Controllers
  4. Guest network in their offices.
Correct answer: B
Explanation:
Rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response. QRadar QFlow Collector passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow. References:http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.htmlhttp://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_rules.html
Rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response. 
QRadar QFlow Collector passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow. 
References:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.html
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_rules.html



Question 6

A customer has existing complex network infrastructure with many redundant links and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure SFlow. 
What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?


  1. Enable flow forwarding
  2. Disable flow forwarding
  3. Enable asymmetric flows
  4. Disable symmetric flows
Correct answer: C
Explanation:
In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing. However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration. The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows. The No option prevents the QRadar QFlow Collector from recombining asymmetric flows. References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html
In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing. 
However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration. 
The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows. 
The No option prevents the QRadar QFlow Collector from recombining asymmetric flows. 
References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html



Question 7

In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management Views were increased. 
How many additional views were added?


  1. 100
  2. 120
  3. 130
  4. 170
Correct answer: D
Explanation:
The limit of 130 aggregated views has been reached in QRadar 7.2.6 and earlier. The number of aggregated data views was increased in QRadar 7.2.7 to 300 aggregated data views. References: http://www-01.ibm.com/support/docview.wss?uid=swg21690762
The limit of 130 aggregated views has been reached in QRadar 7.2.6 and earlier. The number of aggregated data views was increased in QRadar 7.2.7 to 300 aggregated data views. 
References: http://www-01.ibm.com/support/docview.wss?uid=swg21690762



Question 8

Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only. 
How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?


  1. The domains must be used with security profiles to limit the available information to a group of users within that domain.
  2. The networks must be used with security profiles to limit the available information to a group of users within that domain.
  3. The multi-tenancy must be configured to isolate the users and then domains will be used to assign log sources and networks to these users.
  4. The multi-tenancy must be configured to allow each company to isolate and control their assets, log sources, users, networks, flows, and dashboards.
Correct answer: C
Explanation:
Multitenant environments allow Managed Security Service Providers (MSSPs) and multi-divisional organizations to provide security services to multiple client organizations from a single, shared IBM Security QRadar deployment. You don't have to deploy a unique QRadar instance for each customer. In a multitenant deployment, you ensure that customers see only their data by creating domains that are based on their QRadar input sources. Then, use security profiles and user roles to manage privileges for large groups of users within the domain. Security profiles and user roles ensure that users have access to only the information that they are authorized to see. References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_tenant_mgmt_overview.html
Multitenant environments allow Managed Security Service Providers (MSSPs) and multi-divisional organizations to provide security services to multiple client organizations from a single, shared IBM Security QRadar deployment. You don't have to deploy a unique QRadar instance for each customer. 
In a multitenant deployment, you ensure that customers see only their data by creating domains that are based on their QRadar input sources. Then, use security profiles and user roles to manage privileges for large groups of users within the domain. Security profiles and user roles ensure that users have access to only the information that they are authorized to see. 
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_tenant_mgmt_overview.html



Question 9

A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. It is recommended that the log source level be configured at the notice level by the DSM Guide, but the client has a policy to log all events at a debug level. 
The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored. 
What should be created to meet this client's goal?


  1. Custom flow property
  2. Custom event property
  3. Custom DSM for parsing overrule
  4. Custom DSM for parsing enhancement
Correct answer: D
Explanation:
Parsing Enhancement - When the DSM is unable to parse correctly and the event is categorized as stored, the selected log source extension extends the failing parsing by creating a new event as if the new event came from the DSM. References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6
Parsing Enhancement - When the DSM is unable to parse correctly and the event is categorized as stored, the selected log source extension extends the failing parsing by creating a new event as if the new event came from the DSM. 
References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6



Question 10

You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that generated daily at midnight from a custom application on a Microsoft© Windows Server. 
Which log source protocol should be used to accomplish this task?


  1. WinCollect MSRPC
  2. WinCollect Agent
  3. WinCollect Log File
  4. WinCollect File Forwarder
Correct answer: B
Explanation:
A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The Windows host can either gather information from itself, the local host, and, or remote Windows hosts. Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events.References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincollect_overview_new.html
A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The Windows host can either gather information from itself, the local host, and, or remote Windows hosts. 
Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events.
References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincollect_overview_new.html









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files