An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named User1 from a reference set with the name "Allowed Users" from the command line interface.
Which command will accomplish this?
A. ./UtilReferenceSet.sh purge "Allowed Users" User1
B. ./ReferenceSetUtil.sh purge "Allowed Users" User1
C. ./ReferenceSetUtil.sh delete "Allowed\ Users" User1
D. ./UtilReferenceSet.sh delete "Allowed\ Users" User1

The Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to determine which rules are most active in generating offenses.
How would the Administrator accomplish this from the Offenses tab of the QRadar console?
A. Rules -> Group -> "Most Active Offenses".
B. Rules -> Rules -> Offense Count to reorder the column in descending order.
C. All Offenses -> All Offenses -> Offense Count to reorder the column in descending order.
D. All Offenses -> All Offenses -> Events to reorder the column in descending order. Use the Actions menu to view the rule information for a specific offense.

Which permission can be assigned to a user from User Roles in the IBM Security QRadar SIEM V7.2.8 Console?
A. Admin
B. DSM Updates
C. Flow Activity
D. Configuration Management

How many dashboards come by default in IBM Security QRadar SIEM V7.2.8?
A. 1
B. 5
C. 7
D. 10

An Administrator working with IBM Security QRadar SIEM V7.2.8 only needs to remove a single host (10.1.95.142) from the reference set with the name "Asset Reconciliation IPv4 Whitelist" from the command line interface.
Which command would accomplish this task?
A. ./ReferenceSetUtil.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
B. ./ReferenceSetUtil.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
C. ./ReferenceSetData.sh purge Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142
D. ./ReferenceSetData.sh delete Asset\ Reconciliation\ IPv4\ Whitelist 10.1.95.142

An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to exclude the mail servers from a custom rule.
How would the Administrator complete this task?
A. Create a building block that includes the IP addresses of all mail servers, and use that building block in the custom rule to exclude those hosts.
B. Create several rules excluding each mail server. Place these rules with the custom rule in a master rule, making sure the custom rule is last in the sequence.
C. Create a custom rule. In the "Rule Response" section of the Rule Wizard, select the Trigger Scan option. Add the mail server IP addresses to the table and select exclude.
D. Create the custom rule. Create a Custom Action from the Admin tab to exclude the mail servers' IP addresses. In the "Rule Response" section of the Rule Wizard, select the Execute Custom Action option, selecting the appropriate Custom Action.

What is the difference between Flow and Event data collected by IBM Security QRadar SIEM V7.2.8?
A. Events are streamed each minute to the Event Processor. Flows are streamed immediately to the Flow Processor.
B. Flow data is collected from different log sources. Event data is collected from internal or external network sources.
C. An Event occurs at a specific time and is logged at that time. A Flow is a record of network activity that can last for seconds, minutes, hours, or days.
D. An Event can span time lasting seconds, minutes, or hours depending on the duration of a network session. A Flow happens at a single point in time and then is complete.

Given the following RegEx: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)
What data does this expression extract?
A. URL
B. User Name
C. IP address
D. Email Address

An IBM Security QRadar SIEM V7.2.8 Administrator is given a file to import asset information directly to the asset database.
What should the Administrator be aware of when using this data source?
A. The asset data being imported must contain one field no longer than 255 characters in length.
B. The asset data imported will have a default retention period of 120 days until flow data is received from the asset.
C. The asset reconciliation stage is bypassed, and asset updates that are provided by users do not introduce asset growth deviations.
D. The asset data from users is paired with an asset based on a single identifier, the IP address, and flow data is never the cause of asset growth deviations.

An Administrator working with an IBM Security QRadar V7.2.8 deployment is looking to add Layer-7 visibility and data collection. The current deployment is running a QRadar 3128-C Console and has 8 Gbps of network traffic.
What appliance solution would give this customer the results they are looking for?
A. Adding an additional QRadar 3128-C Console
B. Adding two QRadar QFlow Collector 1301 appliances
C. Adding a single QRadar QFlow Collector 1310 SR-C/LR-C
D. Adding two QRadar QFlow Collector 1301 appliances and one QRadar QFlow Collector 1202 appliance