An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on the console. Which command can the Administrator run to begin diagnosing this issue?
A. /etc/init.d/tomcat status
B. /etc/init.d/ariel_query_server status
C. /opt/qradar/init/apply_tunning status
D. /opt/qradar/init/ariel_query_server status
An Administrator working with IBM Security QRadar SIEM V7.2.8 has updated the date/time on the QRadar console system and wants to update these date/time settings to all his hosts in the distributed environment.
What command should be run?
A. /opt/qradar/bin/datesync_all_servers.sh
B. /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
C. /opt/qradar/support/fullDeployment.sh /opt/qradar/bin/time_sync.sh
D. /opt/qradar/support/all_servers.sh /opt/qradar/bin/check_date_change.sh
An IBM Security QRadar SIEM V7.2.8 Administrator wants to create a security profile within the system but receives an error upon saving.
What is a possible reason for this error?
A. The Administrator has used non-alphanumeric value(s) in the name, which is not allowed.
B. The Administrator has used less than 3 characters or more than 30 characters as the name of the security profile.
C. The Administrator has mixed non-alphanumeric value(s) and alphanumeric value(s) in the name, which is not allowed.
D. The Administrator must first bring the IBM Security QRadar SIEM V7.2.8 system into edit mode before changes are allowed.
An Administrator working with a customer looking to add IBM Security QRadar SIEM V7.2.8 into their network has some requirements. The customer is looking to have 40Tb of raw storage space for events and console data.
What appliances allow for this requirement to be met?
A. QRadar 3128 Console + QRadar 1410 Data Node
B. QRadar 3128 Console + QRadar 1400 Data Node
C. QRadar 3118 Console + QRadar 1410 Data Node
D. QRadar 3128 Console + QRadar Flow Processor 1728
Offense data has become corrupted. What option should an IBM Security QRadar SIEM V7.2.8 Administrator consider to recover the offenses?
A. Use Clean SIM option.
B. Log out and Log back in.
C. Use Revert Offenses option.
D. Restore the most recent backup archive.
An Administrator working within IBM Security QRadar SIEM V7.2.8 has a network hierarchy that cannot support any more network objects. To remedy this, they want to implement a supernet. Some of the customer CIDRs are:
- 209.60.128.0/24
- 209.60.129.0/24
- 209.60.130.0/24
- 209.60.131.0/24
Which supernet should be used to reduce the number of network objects for the supplied group of CIDRs?
A. 209.60.128.0/22
B. 209.60.129.0/23
C. 209.60.128.0/23
D. 209.60.127.0/27
An Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to exclude the mail servers from a custom rule.
How would the Administrator complete this task?
A. Create a building block that includes the IP addresses of all mail servers, use that building block in the custom rule, to exclude those hosts.
B. Create several rules excluding each mail server. Place these rules with the custom rule in a master rule, making sure the custom rule is last in the sequence.
C. Create a custom rule. In the "Rule Response" section of the Rule Wizard, select the Trigger Scan option. Add the mail server IP Addresses to the table and select exclude.
D. Create the custom rule. Create a Custom Action from the Admin Tab to exclude the mail servers' IP Addresses. In the "Rule Response" section of the Rule Wizard, select the Execute Custom Action option, selecting the appropriate Custom Action.
An Administrator is adding a log source in IBM Security QRadar SIEM V7.2.8.
What required software application that supports the log source should be used for this procedure?
A. QRadar QFlow Collector
B. QRadar Event Collector
C. Device Support Module (DSM)
D. IBM X-Force Exchange plug-in for QRadar
What is the minimum required IBM Security QRadar SIEM software level to upgrade directly to V7.2.8?
A. QRadar 7.2.3
B. QRadar 7.2.4
C. QRadar 7.2.6
D. QRadar 7.2.7 Patch1
An Administrator using IBM Security QRadar SIEM V7.2.8 is using the following RegEx to extract an email address:
(.+@[^\.].*\.[a-z]{2,}$)
What does the "[a-z]" portion capture?
A. The literal string "a-z".
B. The letter a or the letter z.
C. Any lower case letter from b to y.
D. Any lower case letter from a to z.