IBM IBM Certifications C2150-624 Questions & Answers

• Question 71:

  Where are system notifications located in IBM Security QRadar SIEM V7.2.8?

  A. Only in the Admin Tab -> System Messages.

  B. Only on the banner above the QRadar navigation tabs.

  C. On the banner above the QRadar navigation tabs or on the System Monitoring dashboard.

  D. On the banner above the QRadar navigation tabs or in the Admin Tab -> System Messages.

  Correct Answer: C

  System notifications are displayed on the QRadar dashboard or in the notification window when unexpected system behavior occurs.

• Question 72:

  An Administrator working with IBM Security QRadar SIEM V7.2.8 appliances needs to update firmware. How are the files acquired?

  A. Firmware updates can be retrieved from IBM developerWorks.

  B. Refer to support documents to download the firmware approved for QRadar appliances.

  C. All firmware is automatically downloaded and no Administrator intervention is required.

  D. All firmware updates are applied as part of the QRadar software patching process, and should not be applied independently.

  Correct Answer: B

  Administrators looking for the latest firmware downloads can review this page to locate firmware updates for QRadar appliances. The installation instructions include a direct download link to the firmware from IBM Fix Central.

• Question 73:

  An Administrator is tasked with installing additional log sources into an IBM Security QRadar SIEM V7.2.8

  deployment, bringing the total number of log source to 900. The deployment is using the default license

  and the Administrator is getting an error attempting to add these additional log sources.

  Why is this error happening?

  A. The default license only allows 250 log sources.

  B. The default license only allows 500 log sources.

  C. The default license only allows 750 log sources.

  D. The default license only allows 800 log sources.

  Correct Answer: C

• Question 74:

  Offense data has become corrupted, what option should an IBM Security QRadar SIEM V7.2.8 Administrator consider to recover the offenses?

  A. Use Clean SIM option.

  B. Log out and Log back in.

  C. Use Revert Offenses option.

  D. Restore the most recent backup archive.

  Correct Answer: D

  You can back up and recover QRadar?configuration information and data.

  You can use the backup and recovery feature to back up your event and flow data; however, you must

  restore event and flow data manually.

• Question 75:

  An Administrator using IBM Security QRadar SIEM V7.2.8 is using the following RegEx:

  ([-+]?\d*$)

  What type of information is it designed to extract?

  A. Integer

  B. IP address

  C. Port number

  D. Domain name

  Correct Answer: A

  Sample regular expressions:

  email: (.+@[^\.].*\.[a-z]{2,}$)

  URL: (http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\ S*)?$)

  Domain Name: (http[s]?://(.+?)["/?:])

  Floating Point Number: ([-+]?\d*\.?\d*$)

  Integer: ([-+]?\d*$)

  IP Address: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)

  For example: To match a log that resembles: SEVERITY=43 Construct the following Regular

  Expression: SEVERITY=([-+]?\d*$)

• Question 76:

  An IBM Security QRadar SIEM V7.2.8 Administrator will install a High Availability (HA) pair of appliances.

  The primary and secondary hosts are formatted with the same file system.

  To ensure compatibility between hosts, which statement is considered a prerequisite?

  A. The size of the /home partition on the secondary must be larger than the /home partition of the primary.

  B. The size of the /var/opt/ha on the secondary must be larger than the /var/opt/ha partition of the primary.

  C. The size of the /store partition on the secondary must be lesser than the /store partition of the primary.

  D. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.

  Correct Answer: D

  Store partition requirements For example, do not pair a primary host that uses a 3 TB /store partition to a secondary host that has a 2 TB /store partition.

• Question 77:

  An IBM Security QRadar SIEM V7.2.8 Administrator needs to check if the "hostcontext" process is running. How can the Administrator do this?

  A. hostcontext status

  B. status hostcontext service

  C. service hostcontext status

  D. /etc/qradar/hostcontext status

  Correct Answer: C

• Question 78:

  Where are the IBM Security QRadar SIEM V7.2.8 log files located?

  A. /var/qradar.log

  B. /var/log/qradar.log

  C. /opt/qradar/log/qradar.log

  D. /opt/qradar/support/qradar.log

  Correct Answer: B

  You can review the log files for the current session individually or you can collect them to review later.

  Follow these steps to review the QRadar log files.

  To help you troubleshoot errors or exceptions, review the following log files.

  /var/log/qradar.log

  /var/log/qradar.error

  If you require more information, review the following log files:

  /var/log/qradar-sql.log

  /opt/tomcat6/logs/catalina.out

  /var/log/qflow.debug

  Review all logs by selecting Admin > System and License Mgmt> Actions > Collect Log Files.

• Question 79:

  An Administrator using IBM Security QRadar SIEM V7.2.8 needs to force an instant backup to run. Which option should be selected?

  A. Backup Now

  B. On Demand Backup

  C. Launch On Demand Backup

  D. Configure On Demand Backup

  Correct Answer: D

• Question 80:

  A retention policy allows an IBM Security QRadar SIEM V7.2.8 Administrator to define how long the system is required to keep certain types of data and what to do when data reaches a certain age. If a 3month retention policy is defined for all events, then the system will not delete event data until it's on disk timestamp is 3 months in the past. Which two choices are available in the `delete data in this bucket'? (Choose two.)

  A. When the index is full

  B. Upon reboot of the system

  C. When storage space is required

  D. When performance is heavily affected

  E. Immediately after retention period has expired

  Correct Answer: CE

  From the list box, select a deletion policy. Options include: ?When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted. Immediately after the retention period has expired ?Select this option if you want events to be deleted immediately on matching the Keep data placed in this bucket for parameter. The events or flows are deleted at the next scheduled disk maintenance process, regardless of free disk space or compression requirements.