C2150-400 Online Practice Questions and Answers

Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?

A. /opt/qradar/conf/

B. /opt/qradar/www

C. /opt/tomcat/conf/

D. /opt/qradar/webapps

Which default flow source is included in the QRadar SIEM?

A. IPFIX

B. jFlow

C. QFlow

D. NetFlow

Which three tasks can an administrator perform from the QRadar SIEM reports tab? (Choose three.)

A. Brand reports

B. Ability to create custom reports

C. Ability to create custom compliance templates

D. Present statistics derived from source IP and destination IP

E. Present measurements and statistics derived from real time data

F. Present measurements and statistics derived from events, flows and offenses

Which statement is true with regard to planning QRadar SIEM high availability?

A. The secondary host can be in different subnet as the primary host.

B. The secondary HA host that you want to add to the HA cluster can be a component in another HA cluster.

C. The primary HA host that you want to add to the HA cluster must be a component in another HA cluster.

D. When the IP address of the primary host is reassigned as a cluster virtual IP, the new IP address that you assign to the primary must be in the same subnet.

What does monitoring offenses grouped by category provide?

A. A list of offenses grouped on the user category

B. A list of offenses grouped on the low-level category

C. A list of offenses grouped on the high-level category

D. A list of offenses grouped on the event or flow category

Which TCP port must be open to allow communication between the primary and secondary HA hosts?

A. 7709

B. 7788

C. 7789

D. 7790

Which Permission Precedence should be applied in the Security Profile so the users can see events from the "Windows Servers" log source group and from other log sources that match the destination or source network "Windows"?

A. No Restrictions

B. Log Sources Only

C. Networks OR Log Sources

D. Networks AND Log Sources

Which view option allows you to view events as they occur?

A. Automatic

B. Live Events

C. Real Time (streaming)

D. Last Interval (auto refresh)

Which two IP Addresses are required to setup NATed environment? (Choose two.)

A. Public IP Address

B. Private IP Address

C. Remote IP Address

D. Secondary IP Address

E. Destination IP Address

Which icon on the Admin tab do you select when setting up QRadar to use an external authentication method?

A. Users

B. Authentication

C. System Settings

D. Authorized Services