C2150-614.1.1.6
A Deployment Professional recently deployed a managed QRadar host on Amazon Web Services
(AWS); however, after a forced restart the connection is not working. The connection was
configured using OpenVPN, but it's not running. Starting the service reconnects just fine.
C2150-614.1.2.3
A local law office in the United States is expanding globally and plans to open an office in a
European country. The client currently has a QRadar 3128 All-in-One appliance at its
headquarters in New York City.
The client is using a high-speed E3 WAN network to forward events from the branch offices in
Chicago and Dallas to the Console in New York. The client likes the idea of having a single
easy-to-manage appliance; however, local laws require data to be stored locally.
What is the appropriate method for log source data collection from the European branch?
C2150-614.2.1.2
A banking company needs to implement an IBM Security QRadar V7.2.7 All-in-One in virtual
appliance mode. The Deployment Professional is considering adding a hypervisor.
A. KVM V22
B. VMware ESXi 5.5
C. OpenStack 2015.1.3
D. Microsoft Hyper-V Server 2012
C2150-614.3.4.8
A client is using a custom DSM to parse events for a custom application using a Universal DSM.
Every event is currently being labeled as unknown. The Deployment Professional has already
created custom event properties to extract information from the payload of unknown events but
does not have the correct Host = HostName-Test entered.
C2150-614.3.5.3
A Deployment Professional is performing a new deployment of IBM Security QRadar SIEM V7.2.7
and needs to collect information about application level traffic from network devices.
A. Flow source
B. Syslog source
C. WinCollect source
D. LinuxCollect source
C2150-614.4.3.5
In which scenario should a calculation-based custom event property be used?
C2150-614.5.2.1
A Deployment Professional has determined that network interfaces are not able to handle the
amount of data IBM Security QRadar SIEM V7.2.7 is processing, so many packets are being
dropped. The Deployment Professional decides to bond two interfaces together to increase the
capacity of the channel.
A. Mode 1
B. Mode 3
C. Mode 6
D. Mode 7
C2150-614.5.5.2
A Deployment Professional working with IBM Security QRadar SIEM V7.2.7 is asked to optimize
the Quick Filter searching performance of the deployment. The Deployment Professional is
considering enabling payload indexing but wants to check the requirements.
Which two performance metrics need to be checked before enabling this option? (Choose two.)
C2150-614.6.1.1
A Deployment Professional is investigating a rule that is not generating offenses even though the
log source has been added and is sending logs to a QRadar All-in-One appliance. The rule is
based on a custom property that is present in the event payload.
C2150-614.6.2.4
A Deployment Professional has written the following rule to create an Offense for externally
initiated SSH connections to local systems passing through their core switches:
After performing an SSH session, the Deployment Professional is looking at the Flow's detail to try
to understand why the rule didn't fire.