C2150-612 Online Practice Questions and Answers

Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?

A. Add Filter

B. Asset Search

C. Quick Search

D. Advanced Search

What is indicated by an event on an existing log in QRadar that has a Low Level Category of "Unknown"?

A. That event could not be parsed

B. That event arrived out of order from the original device

C. That event was from a device that is not supported by QRadar

D. That the event was parsed, but not mapped to an existing QRadar category

What is the key difference between Rules and Building Blocks in QRadar?

A. Rules have Actions and Responses; Building Blocks do not.

B. The Response Limiter is available on Building Blocks but not on Rules.

C. Building Blocks are built-in to the product; Rules are customized for each deployment.

D. Building Blocks are Rules which are evaluated on both Flows and Events; Rules are evaluated on Offenses of Flows or Events.

What is a primary goal with the use of building blocks?

A. A method to create reusable rule responses

B. A reusable test stack that can be used in other rules

C. A method to generate reference set updates without using a rule

D. A method to create new events back into the pipeline without using a rule

What is the difference between TCP and UDP?

A. They use different port number ranges

B. UDP is connectionless, whereas TCP is connection based

C. TCP is connectionless, whereas UDP is connection based

D. TCP runs on the application layer and UDP uses the Transport layer

What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?

A. Rules

B. Category

C. Source IP

D. Destination IP

Which two high level Event Categories are used by QRadar? (Choose two.)

A. Policy

B. Direction

C. Localization

D. Justification

E. Authentication

What is a primary benefit of building blocks?

A. They can notify users of strange behavior.

B. They allow the execution of its test within all rules.

C. They generate new events into the pipeline before rules fire.

D. They allow for report result to be used in custom rules tests.

Which feature of a Next Generation Firewall is not available on previous firewalls?

A. VPN Support

B. Layer 3 based firewall rules

C. Integrated signature based IPS engine

D. Network and Port-Address Translation (NAT)

In a distributed QRadar deployment with multiple Event Collectors, from where can syslog and JDBC log sources collected?

A. Syslog log sources and JDBC log sources may be collected by any Event Collector.

B. One Event Collector must collect ALL syslog events and another Event Collector must collect ALL JDBC events.

C. Syslog log sources and JDBC log sources are always collected by the collector assigned in the log source definition.

D. Syslog log sources may be collected by any Event Collector, but JDBC log sources will always be collected by the collector assigned in the log source definition.