Exam Details

  • Exam Code: C2150-400
  • Exam Name: IBM Security QRadar SIEM Implementation v 7.2.1
  • Certification: IBM Certified Deployment Professional
  • Vendor: IBM
  • Total Questions: 175 Q&As
  • Last Updated: Apr 09, 2025

IBM Certified Deployment Professional C2150-400 Questions & Answers

  • Question 141:

    In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)

    A. Top 5 Source IPs section

    B. Click on Display > Sources

    C. Click on Display > Destinations

    D. Click on Event/Flow Count field's Events link

    E. Click on Events button in Last 10 Events section

  • Question 142:

    Which tab in the QRadar web console allows flows to be monitored and investigated?

    A. Admin

    B. Assets

    C. Offenses

    D. Network Activity

  • Question 143:

    An off-site source can connect to which component?

    A. Flow collector

    B. Event collector

    C. Flow processor

    D. Event processor

  • Question 144:

    Which default flow source is included in the QRadar SIEM?

    A. IPFIX

    B. jFlow

    C. QFlow

    D. NetFlow

  • Question 145:

    You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log source type GenericDSM and the correct Log Source Event ID.

    What is the next step in this process?

    A. Create the high level and low level categories from the map id action

    B. Map the custom log records to your own custom high level and low level categories

    C. Create the high level and low level categories from the Rules section in the Offense tab

    D. Run the qidmap.pl script to create high level and low level categories from the command line

  • Question 146:

    What are the two expected Host Statuses after HA setup if the initial synchronization is complete? (Choose two.)

    A. Primary: Active

    B. Primary: Offline

    C. Secondary: Failed

    D. Secondary: Active

    E. Secondary: Standby

    F. Primary: Synchronizing

  • Question 147:

    Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)

    A. One log source must have one DSM.

    B. One DSM must have many log sources.

    C. One log source must have many DSMs.

    D. One DSM can have only one log source.

    E. One DSM can be used in many log sources.

  • Question 148:

    Which two file systems does QRadar support for offboard storage partitions? (Choose two.)

    A. XFS

    B. Btrfs

    C. F2FS

    D. EXT4

    E. NTFS

  • Question 149:

    Assuming a Squid Proxy has logs in the following format:

    Time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type

    And these are some sample logs from a Squid server:

    Which regular expression would you use to pull out the bytes field into a custom property?

    A. \w+/\d+\s+(\d+)\s+

    B. \w+/\d+\s+(\d+)\S+

    C. \w+/\d+\S+(\d+)\s+

    D. \w+/\D+\s+(\D+)\s+

  • Question 150:

    Which Permission Precedence should be applied to the user's security profile, assuming the administrators only want the group to have access to Windows events and flows and not events from other networks?

    A. No Restrictions

    B. Log Sources Only

    C. Networks OR Log Sources

    D. Networks AND Log Sources
