ibm.selftestengine.c2150 400.v2015!03!13.by.guillermo.64q unprotected

www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn

Selftestengine.C2150-400.64.QA

Number: C2150-400
Passing Score: 800
Time Limit: 120 min
File Version: 11.2

This Dump follows the motto of ultimate success. This proven study materials will help you prepare for success! In my opinion, this is the best training value in the world. Boost up your confidence to sit in exam. Practice test questions are a very good way of ensuring everyone reaches a common level of understanding. It allows us to set a course benchmark from which everyone can proceed with their learning. Guys!!! Took this exam today, all questions are from this dump.

Video Training (PHP, PYTHON, JAVA, Nodejs, .NET, UX UI, SECURITY, ANDROID, IOS ..SEO, BITCOIN, YOUTUBE, FACEBOOK..) & Dumps & Student Guide (Cisco, Vmware, Oracle, REDHAT LINUX ..) & Workshop Update Daily https://goo.gl/VVmVZ0

How to download: Click <I'm not Robot > Wait 3s > Click "Get Link">

Upload: xsolarisx

Post on 16-Feb-2016

Exam A

QUESTION 1
Which option needs to be specified in the syslinux configuration file to reinstall an IBM QRadar appliance via serial port from an USB flash-drive?

A. USB to serial
B. Default serial
C. Serial to USB
D. serial redirect

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.0/QLM/EN/USB_Installation.pdf (page 5)

QUESTION 2
With a Data Deletion Policy of "When storage is required", data will remain in storage until which scenario is reached?

A. If used disk space reaches 88% for records and 85% for payloads.
B. If used disk space reaches 85% for records and 88% for payloads.
C. If used disk space reaches 85% for records and 83% for payloads.
D. If used disk space reaches 83% for records and 85% for payloads.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2013_2/strm-admin-guide.pdf (page 85, see the table, 5th row, second column, first bulleted point)

QUESTION 3
Which two actions can be selected from the license drop-down in the system and license management screen when working with a new license? (Choose two.)

A. Apply license
B. Upload license
C. Allocate license to system
D. Allocate system to license
E. Register system to license

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
How frequently does the Automated Update Process run if Configuration files are updated on Primary and then Deploy Changes is not performed, and the updates are made on the Secondary host through an Automated Update Process?

A. Every 10 minutes
B. Every 15 minutes
C. Every 30 minutes
D. Every 60 minutes

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2010_0_R1/Admin_STRM.pdf (page 68, see the second note)

QUESTION 5
What two are valid actions that a user can perform when monitoring offenses? (Choose two.)

A. Import offenses
B. Backup offenses
C. Restore offenses
D. Send email notifications
E. Hide or close an offense from any offense list

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
What is a valid QVM scan status?

A. Active
B. Paused
C. Scanning
D. Complete

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
What is used to collect netflow and jflow traffic in a QRadar Distributed Deployment?

A. QRadar 3124 Console
B. QRadar 1624 Processor
C. QRadar 1724 Processor
D. QRadar 700 Risk Manager

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
What will be restored when restoring event data or flow data for a particular period to a MH?

A. Only data sent to the console for that time period is restored to the MH.
B. Only event data or flow data for the MH being restored will be restored to that MH.
C. Only data that was accumulated for reports and searches will be restored to the MH.
D. All data for all MHs for a specific time period is restored to its respective hosts in the deployment.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?

A. /opt/qradar/conf/
B. /opt/qradar/www
C. /opt/tomcat/conf/
D. /opt/qradar/webapps

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: file:///Users/iMac/Downloads/QRadar_721_AdminGuide.pdf (page 90, see the table, last row, second column)

QUESTION 10
Which network monitoring port does Cisco NetFlow require to be configured in QRadar?

A. Port 514
B. Port 161
C. Port 2055
D. Port 8080

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.3/com.ibm.qradar.doc_7.2.3/c_qradar_adm_flow_source_ovrvw.html

QUESTION 11
A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling the rule?

A. Offenses > Maintain CRE Rules
B. Offenses > Toggle Custom Rules
C. Offenses > Manage Custom Rules
D. Offenses > Maintain Custom Rules

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Which operating system is supported for creating a bootable flash drive for recovery?

A. Cisco IOS
B. Florida Linux
C. Debian Linux
D. RedHat Linux

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which expression imports all xml files in the report directory if the administrator is configuring a Nessus Scanner?

A. \xml
B. 'xml'
C. *\.xml
D. */.xml

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/ManagingVAGuide-71MR1.pdf (page 14)

QUESTION 14
Which two file systems does QRadar support for offboard storage partitions? (Choose two.)

A. XFS
B. Btrfs
C. F2FS
D. EXT4
E. NTFS

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/en_US/jsa2014.1/information-products/topic-collections/jsa-configuring-offboard-storage.pdf (page 17)

QUESTION 15
Assuming a Squid Proxy has logs in the following format:

Time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type

And these are some sample logs from a Squid server:

Which regular expression would you use to pull out the bytes field into a custom property?

A. \w+/\d+\s+(\d+)\s+
B. \w+/\d+\s+(\d+)\S+
C. \w+/\d+\S+(\d+)\s+
D. \w+/\D+\s+(\D+)\s+

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which Permission Precedence should be applied to the users security profile assuming the administrators only want the group to have access to Windows events and flows and not events from other networks?

A. No Restrictions
B. Log Sources Only
C. Networks OR Log Sources
D. Networks AND Log Sources

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
On the QRadar console you have received notification that CVE ID: CVE-2010-000 is being actively used.

What search parameter should you select from the list of search parameters in this situation?

A. Collateral Damage Reference
B. Vulnerability External Reference
C. Vulnerability Information System
D. Vulnerability Internal System Reference

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/b_qradar_gs_guide.pdf (page 250)

QUESTION 18
Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)

A. One log source must have one DSM.
B. One DSM must have many log sources.
C. One log source must have many DSMs.
D. One DSM can have only one log source.
E. One DSM can be used in many log sources.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19

What are the two expected Host Statuses after HA setup if the initial synchronization is complete? (Choose two.)

A. Primary: Active
B. Primary: Offline
C. Secondary: Failed
D. Secondary: Active
E. Secondary: Standby
F. Primary: Synchronizing

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
An off-site source can connect to which component?

A. Flow collector
B. Event collector
C. Flow processor
D. Event processor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/c_qradar_adm_qradar_siem_component.html?cp=SS42VS_7.2.1%2F4-0-11-3-0&lang=fr (see off-site source)

QUESTION 21
Which two fields are required to be filled out when adding a new network to the network hierarchy? (Choose two.)

A. Weight
B. IP and CIDR
C. Capture Filter
D. Flow Source Interface
E. Flow Retention Length

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
A user of QRadar wishes to have a report showing the number of bytes per packet they see with their flows. The user decides to create a Custom Flow Property for this application.

Which type of custom property is required for this to be accomplished?

A. Regex Custom Property
B. Advanced Custom Property
C. Computation Custom Property
D. Calculation Based Custom Property

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which attribute is valid when defining the user roles to provide the necessary access?

A. Admin: System Administrator
B. Log Activity: View Custom Rules
C. Log Activity: Manage Time Series
D. Network Activity: Maintain custom Rules

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system.

What will allow you to do this process?

A. Add a Routing Rule that under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.

B. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Normalized Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.

C. Add a forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

D. Add a forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which function allows a custom event property to be removed from a selected event?

A. Anomaly
B. Map Event
C. False Positive
D. Extract Property

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which two authentication methods for the QRadar User Interface are valid? (Choose two.)

A. SecureID
B. Digital Signatures
C. Password Authentication Protocol (PAP)
D. Remote Authentication Dial In User Service (RADIUS)
E. Terminal Access Controller Access-Control System (TACACS)

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Answer is renovated.

QUESTION 27
Which three tasks can an administrator perform from the QRadar SIEM reports tab? (Choose three.)

A. Brand reports
B. Ability to create custom reports
C. Ability to create custom compliance templates
D. Present statistics derived from source IP and destination IP
E. Present measurements and statistics derived from real time data
F. Present measurements and statistics derived from events, flows and offenses

Correct Answer: BDF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
What type of users can view all reports that are created by other users?

A. Auditors
B. Analysts
C. Managers
D. Administrators

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.2/com.ibm.qradar.doc_7.2.2/c_qradar_report_mgt.html?cp=SS42VS_7.2.2%2F6-0-11

QUESTION 29
What does the message in the System Notification Widget on the Dashboard "Disk sentry:System disk usage back to normal levels." tell you?

A. One of your File Systems has been reduced to below 92%.
B. One of your File Systems has been reduced to below 95%.
C. One of your File Systems has been reduced to below 98%.
D. One of your File Systems has been reduced to below 90%.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_TroubleshootingGuide.pdf (page 10)

QUESTION 30
A QRadar administrator is sizing a distributed deployment. The deployment has approximately 2 million flows per minute (FPM) and needs at least 7 terabytes of storage.

Which architecture is correct?

A. One 1724 flow processor
B. One 1705 flow processor
C. Two 1724 flow processors
D. Two 1705 flow processors

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
A customer has a requirement to integrate with QRadar to capture events coming from IBM DB2.

Which protocol should an administrator use to integrate Log Enhanced Event format (LEEF) events while configuring Log Sources on QRadar console?

A. JDBC
B. SNMP
C. Syslog
D. Log File

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
From the given event payload format:

You are tasked with creating a Reference Set of the second IPs in the payload.

What needs to be done to complete this task?

A. Create a Custom Event Property to parse the second IP in the payload. From the Log Source config for the above event, choose "add to reference set" and select your reference set.

B. From the Reference Set Management screen, select "create reference set from Log Source Event". Pick the Log Source from the drop down. Pick the Event Name from the drop down.

C. From the Reference Set Management screen, select "create reference set from Log Source Event". Pick the Log Source from the drop down. Pick the Custom Event Property from the drop down.

D. Create a Custom Event Property to parse the second IP in the payload. Create a rule that tests for events from the Log Source that is collecting the above event, and for Rule Response add the Custom Event Property to the Reference Set.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
What functionalities of QRadar provide the ability to collect, understand, and properly categorize events from external sources?

A. Log sources
B. Flow sources
C. Syslog sources
D. External sources

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/en_US/jsa2014.1/information-products/topic-collections/jsa-log-source-user-guide.pdf (p. 14, log sources overview)

QUESTION 34
What is a benefit of enabling indexes on event properties?

A. Improved Offense Correlation
B. Improved search performance
C. Improved Performance of Custom Rules
D. Improved accuracy of auto-discovery log sources

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
Which IP address of a NATed server is used to access the server from outside the network?

A. Public IP address
B. Private IP address
C. Cluster IP address
D. Secondary IP address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
You notice the following message in the System Notification Widget on the Dashboard:

"Unable to automatically detect the associated log source for IP address."

When you hover over the message, you see this pop-up message:

What is the issue?

A. There are events coming from IP 127.0.0.1 that cannot be autodiscovered and a Log Source Created
B. There are events coming from IP 192.168.2.90 that cannot be autodiscovered and a Log Source Created
C. There are events coming from IP 172.16.77.25 that cannot be autodiscovered and a Log Source Created
D. There are events coming from hostname red6.color.com that cannot be autodiscovered and a Log Source Created

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Which two proxy options are required to be set when using a Proxy Server for Auto Updates in QRadar? (Choose two.)

A. Proxy Type
B. Proxy Name
C. Proxy Schedule
D. Proxy Server URL
E. Proxy Port number

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Updated.

QUESTION 38
What does Server discovery allow the QRadar administrator to do?

A. Discover
B. Define rules for hosts
C. Create host searches
D. Populate host definition building blocks

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2010_0_R1/Admin_STRM.pdf (page 21, see the table, first row, second column, second bulleted point)

QUESTION 39
The following message is displayed in the System Notification Widget on the Dashboard:

Which script should be run to help determine the cause of the dropped events?

A. /opt/qradar/support/dumpGvData.sh
B. /opt/qradar/support/dumpDSMInfo.sh
C. /opt/qradar/support/cleanAssetModel.sh
D. /opt/qradar/support/findExpensiveCustomRules.sh

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Corrected.

QUESTION 40
What is used to collect netflow and jflow traffic in a QRadar Distributed Deployment?

A. QRadar 3105 Console
B. QRadar 1705 Processor
C. QRadar 1605 Processor
D. QRadar 700 Risk Manager

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.arrowecs.ae/FMS/16966.appliance_datasheet.pdf (page 3)

QUESTION 41
What should the format of a CSV file be while importing assets on the QRadar console?

A. ip,portweight,description
B. ip,name,weightmagnitude
C. ip.name.weight.description
D. ip.name.severity.description

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-03.ibm.com/certify/tests/objC2150-195.shtml (search for name, weight, description)

QUESTION 42
Which option will display the rule that triggered an offense from Offense Details screen?

A. Display > Rules
B. Display > Sources
C. Offenses tab > Rules
D. Display > Annotations

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Modified.

QUESTION 43
A mail server typically communicates with 50 hosts per second in the middle of the night and then suddenly starts communicating with 1.000 hosts a second. The administrator wants to get an email alert whenever this situation is being observed.

Which type of rule should an administrator create to monitor this situation?

A. Flow Rule
B. Anomaly Rule
C. Threshold Rule
D. Behavioral Rule

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
What should be the latency between the primary and secondary HA hosts?

A. Less than 1 millisecond
B. Less than 2 milliseconds
C. Less than 3 milliseconds
D. Less than 4 milliseconds

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_HighAvailabilityGuide.pdf (page 14, link bandwidth and latency)

QUESTION 45
Which NetFlow versions does QRadar SIEM support?

A. 1, 2, 3, and 4
B. 1, 4, 7, and 9
C. 1, 3, 5, and 9
D. 1, 5, 7, and 9

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/c_qradar_adm_netflow.html (second para, first sentence)

QUESTION 46
How do you view Raw Events on the Log Activity tab?

A. Select "Raw Events" from the View list box
B. Select "Raw Events" from the Actions list box
C. Select "Raw Events" from the Display list box
D. Select "Raw Events" from the Quick Searches list box

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/71MR1/LogMgr/LM-71MR1-Usersguide.pdf (page 33)

QUESTION 47
There is a requirement at the customer site to double the default QFlow Maximum Content Capture size.

What would be the resulting packet size?

A. 64 bytes
B. 128 bytes
C. 256 bytes
D. 1024 bytes

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
What is the result when adding host definition building blocks to QRadar?

A. Creates Offenses
B. Reduces false positives
C. Makes searches run faster
D. Authorizes QRadar Services

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Still Valid.

QUESTION 49
Which configuration window defines the maximum number of TCP syslog connections?

A. Log Sources
B. System Setting
C. Console Setting
D. Deployment Editor

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
Which line color inside the deployment editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?

A. Blue
B. Grey
C. Black
D. Yellow

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
A QRadar SIEM administrator wants to create a Flow Rule that includes a building block definition (BB) that includes applications that indicate communication with file sharing sites. In which group will the administrator find this specified building block?

A. Policy
B. Host Definitions
C. Network Definition
D. Category Definitions

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Which character is used for naming subgroups when using the option Add Group in the Network Hierarchy editor?

A. + (plus)
B. . (period)
C. \ (Backslash)
D. / (Forward Slash)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
There are unknown log records from unsupported security device events in the Log Activity tab. You are planning to write an LSX for an unsupported security device type based on UDSM. What is the file format and payload option for exporting the unknown log records?

A. XLS and full export
B. CSV and full export
C. XML and visible column
D. PDF and visible column

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
Which command will install the patch after mounting the patch file?

A. /media/updates/setup
B. /media/updates/installer
C. /media/updates/setup -patch
D. /media/updates/installer -patch

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27041545

QUESTION 55
What does QRadar use to group the event or flow according to the network?

A. Network mapping
B. Network hierarchy
C. Application mapping
D. Application hierarchy

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
Which two search filters are available on the QRadar console while making an asset search? (Choose two.)

A. PCI Severity, NERC Severity
B. Vulnerability CVSS Base Score, Vulnerability Risk Score
C. Vulnerability on Open Port, Vulnerability on Open Service
D. Vulnerability on Open Port, Vulnerability External Reference
E. Vulnerability on Source Port, Vulnerability on Destination Port

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
Which default flow source is included in the QRadar SIEM?

A. IPFIX
B. jFlow
C. QFlow
D. NetFlow

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.3/com.ibm.qradar.doc_7.2.3/c_qradar_adm_flow_source_ovrvw.html

QUESTION 58
You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log source type GenericDSM and the correct Log Source Event ID.

What is the next step in this process?

A. Create the high level and low level categories from the map id action
B. Map the custom log records to your own custom high level and low level categories
C. Create the high level and low level categories from the Rules section in the Offense tab
D. Run the qidmap.pl script to create high level and low level categories from the command line

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)

A. Top 5 Source IPs section
B. Click on Display > Sources
C. Click on Display > Destinations
D. Click on Event/Flow Count field's Events link
E. Click on Events button in Last 10 Events section

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Which tab in the QRadar web console allows flows to be monitored and investigated?

A. Admin
B. Assets
C. Offenses
D. Network Activity

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_GettingStartedGuide.pdf (page 10, offenses tab)

QUESTION 61
A customer has log files from Windows-based systems and wants to push those logs to the QRadar console.

What options should the customer use in WinCollect to collect and forward these logs?

A. File Forwarder
B. Flow Forwarder
C. Event Forwarder
D. Windows-based Event Log Forwarder

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
What is the minimum bandwidth needed between the primary and secondary HA host?

A. 1 gigabits per second (Gbps)
B. 2 gigabits per second (Gbps)
C. 3 gigabits per second (Gbps)
D. 4 gigabits per second (Gbps)

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_HighAvailabilityGuide.pdf (page 9)

QUESTION 63
Which directory from the QRadar host can be moved to offboard storage?

A. /var
B. /store
C. /home
D. /media

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which three graph types are available for QRadar Log Manager reports? (Choose three.)

A. Pie graph
B. Histogram
C. Bar graph
D. Trivial graph
E. Stacked bar graph
F. Stacked table graph

Correct Answer: ACF
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2012_0_R2/strm-lm-user-guide.pdf (page 18)
