Exam Code: C2150-400 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: IBM Security QRadar SIEM Implementation v 7.2.1
Certification Provider: IBM

2021 May C2150-400 Study Guide Questions:

Q31. A customer has a requirement to integrate with QRadar to capture events coming from IBM DB2. 

Which protocol should an administrator use to integrate Log Enhanced Event format (LEEF) events while configuring Log Sources on the QRadar console?

A. JDBC 

B. SNMP 

C. Syslog 

D. Log File 

Answer: C 


Q32. A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. 

Which role permission is required for enabling and disabling the rule? 

A. Offenses > Maintain CRE Rules 

B. Offenses > Toggle Custom Rules 

C. Offenses > Manage Custom Rules 

D. Offenses > Maintain Custom Rules 

Answer: C 


Q33. Which expression imports all XML files in the report directory if the administrator is configuring a Nessus Scanner?

A. xml 

B. 'xml' 

C. *.xml 

D. */.xml 

Answer: C 

Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/ManagingVAGuide-71MR1.pdf (page 14)


Q34. You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system. 

What will allow you to do this process? 

A. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.

B. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Normalized Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy. 

C. Add a forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

D. Add a forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

Answer: A 


Q35. Which character is used for naming subgroups when using the option Add Group in the Network Hierarchy editor?

A. + (plus)

B. . (period)

C. \ (Backslash)

D. / (Forward Slash)

Answer: B 


Q36. Configuration files are updated on the Primary host, but Deploy Changes is not performed, so the updates reach the Secondary host through the Automated Update Process. How frequently does the Automated Update Process run?

A. Every 10 minutes 

B. Every 15 minutes 

C. Every 30 minutes 

D. Every 60 minutes 

Answer: D 

Reference: http://www.juniper.net/techpubs/software/management/strm/2010_0_R1/Admin_STRM.pdf (page 68, see the second note)


Q37. Which two are valid actions that a user can perform when monitoring offenses? (Choose two.)

A. Import offenses 

B. Backup offenses 

C. Restore offenses 

D. Send email notifications 

E. Hide or close an offense from any offense list 

Answer: BE 


Q38. Which function allows a custom event property to be removed from a selected event? 

A. Anomaly 

B. Map Event 

C. False Positive 

D. Extract Property 

Answer: D 


Q39. A user of QRadar wishes to have a report showing the number of bytes per packet they see with their flows. The user decides to create a Custom Flow Property for this application. 

Which type of custom property is required for this to be accomplished? 

A. Regex Custom Property 

B. Advanced Custom Property 

C. Computation Custom Property 

D. Calculation Based Custom Property 

Answer: A 


Q40. Which option will display the rule that triggered an offense from the Offense Details screen?

A. Display > Rules 

B. Display > Sources 

C. Offenses tab > Rules 

D. Display > Annotations 

Answer: A