
Sample Questions for:

Test C2150-614, Security QRadar SIEM V7.2.7, Deployment

Note: The bolded response option is the correct answer.

C2150-614.1.1.6
A Deployment Professional recently deployed a managed QRadar host on Amazon Web Services
(AWS); however, after a forced restart the connection is not working. The connection was
configured using OpenVPN, but it's not running. Starting the service reconnects just fine.

What should be done to ensure this service starts on startup?

A. Enter /opt/qradar/bin/enable --now
B. Copy /opt/qradar/bin/vpntool to /root/startup
C. Create BASH script to run OpenVPN upon restart
D. Enable VPN Connection from Admin Tab -> System Configuration to run on startup

C2150-614.1.2.3
A local law office in the United States is expanding globally and plans to open an office in a
European country. The client currently has a QRadar 3128 All-in-One appliance at its
headquarters in New York City.

The client is using a high-speed E3 WAN network to forward events from the branch offices in
Chicago and Dallas to the Console in New York. The client likes the idea of having a single
easy-to-manage appliance; however, local laws require data to be stored locally.

What is the appropriate method for log source data collection from the European branch?

A. Install an Event Collector in the European branch
B. Implement an Event Processor in the European branch
C. Use a WinCollect server to forward events from the European branch
D. Forward the events directly to the Console from the European branch

C2150-614.2.1.2
A banking company needs to implement an IBM Security QRadar V7.2.7 All-in-One in virtual
appliance mode. The Deployment Professional is considering adding a hypervisor.

Which one is supported?

A. KVM V22
B. VMware ESXi 5.5
C. OpenStack 2015.1.3
D. Microsoft Hyper-V Server 2012

C2150-614.3.4.8
A client is using a custom DSM to parse events for a custom application using a Universal DSM.
Every event is currently being labeled as unknown. The Deployment Professional has already
created custom event properties to extract information from the payload of unknown events but
does not have the correct Host = HostName-Test entered.

Which problem will be encountered after the events are mapped?

A. Custom DSM will fail to parse
B. Events will be labeled as saved
C. Events will be labeled as stored
D. Custom QID will be labeled incorrectly

C2150-614.3.5.3
A Deployment Professional is performing a new deployment of IBM Security QRadar SIEM V7.2.7
and needs to collect information about application level traffic from network devices.

Which data source should be configured in QRadar?

A. Flow source
B. Syslog source
C. WinCollect source
D. LinuxCollect source

C2150-614.4.3.5
In which scenario should a calculation-based custom event property be used?

A. Adding two properties to determine Hostname
B. Subtracting two properties to determine Username
C. Dividing two properties to determine a Risk Score
D. Multiplying two properties to determine IP Address

C2150-614.5.2.1
A Deployment Professional has determined that network interfaces are not able to handle the
amount of data IBM Security QRadar SIEM V7.2.7 is processing, so many packets are being
dropped. The Deployment Professional decides to bond two interfaces together to increase the
capacity of the channel.

Which mode could be used to accomplish this goal?

A. Mode 1
B. Mode 3
C. Mode 6
D. Mode 7

C2150-614.5.5.2
A Deployment Professional working with IBM Security QRadar SIEM V7.2.7 is asked to optimize
the Quick Filter searching performance of the deployment. The Deployment Professional is
considering enabling payload indexing but wants to check the requirements.

Which two performance metrics need to be checked before enabling this option? (Choose two.)

A. Console is using less than 50% of storage
B. EP & FP are using less than 70% of storage
C. Console is using less than 75% of EPS license
D. EP, FP, & Console are utilizing less than 70% of CPU
E. EP & FP are using less than 70% of the EPS license and FPI rating

C2150-614.6.1.1
A Deployment Professional is investigating a rule that is not generating offenses even though the
log source has been added and is sending logs to a QRadar All-in-One appliance. The rule is
based on a custom property that is present in the event payload.

What could be one of the causes of this problem?

A. The custom property must be indexed.
B. The regular expression used is incorrect.
C. The event's content is incompatible with regular expressions.
D. The rule is defined as a 'Local' rule but should be set to 'Global'.

C2150-614.6.2.4
A Deployment Professional has written the following rule to create an Offense for externally
initiated SSH connections to local systems passing through their core switches:

After performing an SSH session, the Deployment Professional is looking at the Flow's detail to try
to understand why the rule didn't fire.

Which information should be examined?

A. Check that the Source Port is 22
B. Check that the Flow Direction is "R2L"
C. Check that the Domain is "Default Domain"
D. Check that the Identity Username is not 'N/A'
