Download IBM Security QRadar SIEM V7.2.8 Fundamental Administration.C2150-624.Pass4Sure.2019-01-04.55q.vcex

Vendor: IBM
Exam Code: C2150-624
Exam Name: IBM Security QRadar SIEM V7.2.8 Fundamental Administration
Date: Jan 04, 2019
File Size: 535 KB


Demo Questions

Question 1
When it comes to licensing, what is the difference between Events and Flows in how they are licensed?
  A. Flows are licensed based on overall count over a minute, where Events are licensed based on overall count per second.
  B. Flows are licensed based on overall count per second, where Events are licensed based on overall count over a minute.
  C. Flows and Events are both licensed by overall count per minute under an Upgraded License and per second on a Basic License.
  D. Flows and Events are both licensed by overall count per second under an Upgraded License and per second on a Basic License.
Correct answer: A
Explanation:
A significant difference between event and flow data is that an event, which typically is a log of a specific action such as a user login, or a VPN connection, occurs at a specific time and the event is logged at that time. A flow is a record of network activity that can last for seconds, minutes, hours, or days, depending on the activity within the session. For example, a web request might download multiple files such as images, ads, video, and last for 5 to 10 seconds, or a user who watches a Netflix movie might be in a network session that lasts up to a few hours. The flow is a record of network activity between two hosts. 
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html
Question 2
When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?
  A. Event Manager
  B. Event Indexing
  C. Event Collector
  D. Event Processor
Correct answer: D
Explanation:
The QRadar SIEM Event Processor Virtual 1699 appliance supports the following items:
  • Up to 10,000 events per second 
  • 2 TB or larger dedicated event storage 
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.qradar.doc_7.2.4/c_siem_vrt_ap_ov.html
Question 3
The event data collected by IBM Security QRadar SIEM V7.2.8 is being deleted after one month. The legal department required the data be kept for two months. 
What can the administrator do to accommodate this requirement?
  A. Change the nightly backup Priority to “High”.
  B. Change the nightly backup to a monthly backup.
  C. Change the Default Event Retention Policy property field “Do not delete data in this bucket” to two months.
  D. Change the Default Event Retention Policy property field “Keep data placed in this bucket for” to two months.
Correct answer: D
Explanation:
When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. 
When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted. 
Reference: https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9
Question 4
Which is an officially supported operating system for IBM Security QRadar SIEM V7.2.8 installations on customer supplied hardware?
  A. Ubuntu Linux
  B. Windows 2012
  C. Fedora Linux
  D. Red Hat Enterprise Linux
Correct answer: D
Explanation:
The IBM Security QRadar Application Framework SDK can be installed on Windows, Linux, or OSX operating system. 
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_appframework_devguide.pdf
Question 5
The Administrator of an IBM Security QRadar SIEM V7.2.8 deployment needs to determine which rules are most active in generating offenses. 
How would the Administrator accomplish this from the Offenses tab of the QRadar console?
  A. Rules -> Group -> “Most Active Offenses”.
  B. Rules -> Rules -> Offense Count to reorder the column in descending order.
  C. All Offenses -> All Offenses -> Offense Count to reorder the column in descending order.
  D. All Offenses -> All Offenses -> Events to reorder the column in descending order. Use the Actions menu to view the rule information for a specific offence.
Correct answer: B
Explanation:
1. Click the Offenses tab. 
2. On the navigation menu, click Rules. To determine which rules are most active in generating offenses, from the rules page, click Offense Count to reorder the column in descending order. 
3. Double-click any rule to display the Rule Wizard. You can configure a response to each rule. 
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_tuning_guide.pdf
Question 6
An IBM Security QRadar SIEM V7.2.8 Administrator needs to download a nightly configuration backup file from a past day through the Web Console. 
Which steps must be followed to achieve this?
  A. Admin Tab -> System Configuration -> Backup and Recovery -> Generate new backup -> Save
  B. Admin Tab -> System Configuration -> Backup and Recovery -> Choose the name of an Existing backup
  C. Admin Tab -> System Configuration -> Backup and Recovery -> Import New Backup -> Select file extension -> Save
  D. Admin Tab -> System Configuration -> System Settings -> Database Settings -> Choose the name of an Existing backup
Correct answer: B
Explanation:
The backups are listed in the Backup and Recovery section of System Configuration on the Admin tab. You can click an existing backup, and it will show you the options to download it.
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf
Question 7
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration backup files from the previous day to an off-site location. 
What is the default location where these files can be found?
  A. /store/backup
  B. /store/exports
  C. /store/postgres
  D. /store/backupHost
Correct answer: A
Explanation:
The default location is /store/backup. This path must exist before the backup process is initiated. If this path does not exist, the backup process aborts. If you modify this path, make sure the new path is valid on every system in your deployment. 
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_admin_guide.pdf
Question 8
How many dashboards come by default in IBM Security QRadar SIEM V7.2.8?
  A. 1
  B. 5
  C. 7
  D. 10
Correct answer: B
Explanation:
There are five default dashboards:
1 – application overview 
2 – compliance overview 
3 – network overview 
4 – system monitoring 
5 – threat and security monitoring 
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_users_guide.pdf
Question 9
An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on the console. 
Which command can the Administrator run to begin diagnosing this issue?
  A. /etc/init.d/tomcat status
  B. /etc/init.d/ariel_query_server status
  C. /opt/qradar/init/apply_tunning status
  D. /opt/qradar/init/ariel_query_server status
Correct answer: D
Explanation:
If the Ariel Query Server is not running, a full configuration deployment may resolve this issue by restarting all services on the managed host after deploying the most recent configuration on it. If the Ariel Query Server is still not running after a full deployment, contact support for further assistance. 
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21991038
Question 10
An Administrator working with IBM Security QRadar SIEM V7.2.8 has updated the date/time on the QRadar console system and wants to update these date/time settings to all his hosts in the distributed environment. 
What command should be run? 
  A. /opt/qradar/bin/datesync_all_servers.sh
  B. /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
  C. /opt/qradar/support/fullDeployment.sh /opt/qradar/bin/time_sync.sh
  D. /opt/qradar/support/all_servers.sh /opt/qradar/bin/check_date_change.sh
Correct answer: B
Explanation:
To run time synchronization on all hosts and see if any fail to synchronize with the Console, from the root directory (/) type the following command: ./opt/qradar/support/all_servers.sh "/opt/qradar/bin/time_sync.sh" 
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21700463