24 December, 2019

[Dec-2019-25] Most Recent C2150-612 Testing Engine

Want to know Exambible C2150-612 Exam practice test features? Want to lear more about IBM IBM Security QRadar SIEM V7.2.6 Associate Analyst certification experience? Study Downloadable IBM C2150-612 answers to Far out C2150-612 questions at Exambible. Gat a success with an absolute guarantee to pass IBM C2150-612 (IBM Security QRadar SIEM V7.2.6 Associate Analyst) test on your first attempt.

Page: 1 / 8

Total 106 questions Full Exam Access

Question 1

Which set of information is provided on the asset profile page on the assets tab in addition to ID?

Asset Name, MAC Address, Magnitude, Last user

IP Address, Asset Name, Vulnerabilities, Services

IP Address, Operating System, MAC Address, Services

Vulnerabilities, Operative System, Asset Name, Magnitude

Question 2

A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events no successful exploits were detected.
Upon checking international documentation, this activity was part of an expected penetration test which requires no immediate investigation.
How can the Security Analyst ensure results of the penetration test are retained?

Hide the offense and add a note with a reference to the penetration test findings

Protect the offense to not allow it to delete automatically after the offense retention period has elapsed

Close the offense and mark the source IP for Follow-Up to check if there are future events from the host

Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense

Question 3

An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username.
What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?

Each matching event will be tagged with the Rule name, but only one Offense will be created.

Each matching event will cause a new Offense to be created and will be tagged with the Rule name.

Events will be tagged with the rule name as long as the Rule Response limiter is satisfie

Only one offense will be created.

Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.

Question 4

Which two actions can be performed on the Offense tab? (Choose two.)

Adding notes

Deleting notes

Hiding offenses

Deleting offenses

Creating offenses

Question 5

A Security Analyst is looking on the Assets Tab at an asset with offenses associated to it.
With a "Right Click" on the IP address, where could the Security Analyst go to obtain all offenses associated with it?

Information > Asset Profile

Navigate > View by Network

Run Vulnerability Scan > Source offenses

Navigate > View Source Summary or Destination Summary

Question 6

Which information can be found under the Network Activity tab?

Flows

Events

Reports

Offenses

Question 7

Where are events related to a specific offense found?

Offenses Tab and Event List window

Dashboard and List of Events window

Offense Summary Page and List of Events window

Under Log Activity, search for Events associated with an Offense

Question 8

Which QRadar component provides the user interface that delivers real-time flow views?

QRadar Viewer

QRadar Console

QRadar Flow Collector

QRadar Flow Processor

Question 9

Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?

Add Filter

Asset Search

Quick Search

Advanced Search

Question 10

What is the default reason for closing an Offense within QRadar?

Actioned

Non-Issue

Blocked Traffic

Acceptable Traffic

Question 11

What set of Key fields can trigger coalescing?

Source IP address, Source port, Severity, Username, and Event ID

Source IP address, Destination IP address, Destination port, Direction, and Event ID

Source IP address, Destination IP address, Destination port, Username, and Event ID

Destination IP address, Destination port, Relevance, Username, and Low Level Category

Question 12

When using the right click event filtering functionality on a Source IP, one can filter by “Source IP is not [*]”. Which two other filters can be shown using the right click event filtering functionality? (Choose two.)

Filter on DNS entry [*]

Filter on Source IP is [*]

Filter on Time and Date is [*]

Filter on Source or Destination IP is [*]

Filter on Source or Destination IP is not [*]

Question 13

What is a common purpose for looking at flow data?

To see which users logged into a remote system

To see which users were accessing report data in QRadar

To see application versions installed on a network endpoint

To see how much information was sent from a desktop to a remote website

Question 14

What is a main function of a Cisco Adaptive Security Appliance (ASA)?

A Proxy

A Switch

A Firewall

An Authentication device

Question 15

Which file type is available for a report format?

TXT

DOC

PDF

PowerPoint

Question 16

Which list is only Rule Actions?

Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.

Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.

Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.

Modify Severity; Send to Forwarding Destinations; Drop the Detected Event; Ensure the detected event is part of an offense.

Question 17

Which three data sources contribute to the creation an updates of assets? (Choose three.)

Log sources

Flow sources

Reference set imports

Vulnerability scanners

QRadar log source auto-updates

X-Force reference list integration

Question 18

What are the various timestamps related to a flow?

First Packet Time, Storage Time, Log Source Time

First Packet Time, Storage Time, Last Packet Time

First Packet Time, Log Source Time, Last Packet Time

First Packet Time, Storage Time, Log Source Time, End Time

Question 19

What is the correct procedure to both assign and add a note to an offense from the Graphical User Interface (GUI)?

Both tasks must be done independently and can only be done on the Offenses Tab

With the new release of 7.2.6 this can now be done in one step from the Offenses Tab only.

Both tasks must be done independently but can be completed from both the Offenses Tab and the Offense Summary Page.

With the new release of 7.2.6 this can now be done in one step, both from the Offenses Tab and the Offense Summary Page.

Question 20

What is the difference between TCP and UDP?

They use different port number ranges

UDP is connectionless, whereas TCP is connection based

TCP is connectionless, whereas UDP is connection based

TCP runs on the application layer and UDP uses the Transport layer

Question 21

A Security Analyst was asked to search for an offense on a specific day. The requester was not sore of the time frame, but had Source Host information to use as well as networks involved, Destination IP and username.
Which fitters can the Security Analyst use to search for the information requested?

Offense ID, Source IP, Username

Magnitude, Source IP, Destination IP

Description, Destination I

Host Name

Specific Interval, Username, Destination IP

Question 22

In a distribution QReader deployment with multiple Event Collectors, from where can syslog and JDBC log sources collected?

Syslog log sources and JDBC log sources may be collected by any Event Collector.

One Event Collector must collect ALL syslog events and another Event Collector must collect All JDBC events.

Syslog log sources and JDBC log sources are always collected by the collector assigned in the log source definition.

Syslog log sources may be collected by any Event Collector, but JDBC log sources will always be collected by collector assigned in the log source definition.

Question 23

Which two pieces of information can be found under the Log Activity tab? (Choose two )

Offenses

Vulnerabilities

Firewall events

Destination Bytes

Internal QRadar messages

Question 24

What can be considered a log source type?

ICMP

SNMP

Juniper IOP

Microsoft SMBtail

Page: 1 / 8

Total 106 questions Full Exam Access