Download IBM Security QRadar SIEM V7.2.8 Fundamental Administration.C2150-624.TestKing.2019-02-22.60q.vcex

Vendor: IBM
Exam Code: C2150-624
Exam Name: IBM Security QRadar SIEM V7.2.8 Fundamental Administration
Date: Feb 22, 2019
File Size: 562 KB

Demo Questions

Question 1
Administrators on versions of IBM Security QRadar SIEM older than V7.2.4 must use a specific upgrade path to transition to newer software versions. 
These requirements are outlined in what technical document?
  1. Fix Level Recommendation Tool
  2. IBM latest firmware release notes
  3. QRadar Software upgrade progress technical note
  4. IBM System Security Interoperation Center (SSIC)
Correct answer: C
Explanation:
Most of the upgrades of IBM products are available in technical notes. IBM Security QRadar SIEM upgrade process and information can be obtained through technical notes that IBM publishes on the web.
Reference http://www-01.ibm.com/support/docview.wss?uid=swg27038118
Question 2
What is a precaution an Administrator should take before beginning an upgrade of IBM Security QRadar SIEM V7.2.8?
  1. Close all open offenses.
  2. Purge old data and events.
  3. Check and close all open messages.
  4. Confirm that a backup of the data is complete.
Correct answer: D
Explanation:
The first precaution listed in the IBM document states that the administrator should back up data before preparing for a software upgrade. A backup of the current settings is important because if anything goes wrong during the upgrade, you can always revert to the original settings.
Reference http://www-01.ibm.com/support/docview.wss?uid=swg27048793
Question 3
After downloading the <QRadar_patchupdate>.sfs file from Fix Central, what is the next step to upgrade IBM Security QRadar SIEM V7.2.8?
  1. Log in to the console as the Admin user-> Admin tab -> Advanced Menu -> Clean SIM Model.
  2. Log in to the console as the Admin user-> Admin tab -> Advanced Menu -> Upgrade option.
  3. Use SSH to log in to the system as the root user -> Run the patch installer with the following command: /media/updates/upgrade_qradar.
  4. Use SSH to log in to the system as the root user -> Copy the patch file to the /tmp directory or to another location that has sufficient disk space.
Correct answer: D
Explanation:
  Download the fix pack to install QRadar 7.2.8 Patch 1 from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20161118202122&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc
  Using SSH, log in to your system as the root user. 
  Copy the fix pack to the /tmp directory on the QRadar Console. Note: If space in the /tmp directory is limited, copy the fix pack to another location that has sufficient space.
  To create the /media/updates directory, type the following command: mkdir -p /media/updates
Reference http://www-01.ibm.com/support/docview.wss?uid=swg27049111
Question 4
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to enable the PCI report template. 
What is the procedure to accomplish this task?
  1. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> Select “Enable”
  2. Report Tab -> Enable “Show all templates” -> Group List -> Compliance -> PCI
  3. Reports Tab -> Clear “Hide Inactive Reports” box -> Group List -> Compliance -> PCI
  4. Admin Tab -> Reports -> Templates -> Compliance -> PCI -> uncheck “Hide Template”
Correct answer: C
Explanation:
1. Click the Reports tab.
2. Clear the Hide Inactive Reports check box.
3. In the Group list, select Compliance > PCI.
4. Select all report templates on the list:
   a. Click the first report on the list.
   b. Select all report templates by holding down the Shift key, while you click the last report on the list.
5. In the Actions list, select Toggle Scheduling.
6. Access generated reports:
   a. From the list in the Generated Reports column, select the time stamp of the report that you want to view.
   b. In the Format column, click the icon for report format that you want to view.
Reference ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.8/en/b_qradar_gs_guide.pdf
Question 5
An IBM Security QRadar SIEM V7.2.8 Administrator is assigned to a company that is looking to add QRadar into their current network. The company has requirements for 250,000 FPM, 15,000 EPS and FIPS.
Which QRadar appliance solution will support this requirement?
  1. QRadar 3128-C with Basic License
  2. QRadar 2100-C with Basic License
  3. QRadar 3128-C with Upgraded License
  4. QRadar 2100-C with Upgraded License
Correct answer: C
Explanation:
The upgraded license of QRadar 3128-C has 300k FPM and 15000 EPS and FIPS. Therefore the QRadar 3128-C with upgraded license is the best choice for the company.
Reference https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_3128_allone.html
Question 6
An Administrator will add a secondary host to an IBM Security QRadar SIEM V7.2.8 Console in a High Availability (HA) deployment scenario.
After checking the compatibility between primary and secondary HA pairs, what other prerequisite should the Administrator check within Managed Interfaces?
  1. The shared external storage.
  2. The server certificate that is issued by the local CA.
  3. The existence of an additional distributed file system.
  4. The communication for Distributed Replicated Block Device.
Correct answer: D
Explanation:
TCP port 7789 must be open and allow communication between the primary and secondary for Distributed Replicated Block Device (DRBD) traffic.
DRBD traffic is responsible for disk replication and is bidirectional between the primary and secondary host. 
Reference https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_appliance_require.html
Question 7
An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named User1 from a reference set with the name “Allowed Users” from the command line interface. 
Which command will accomplish this?
  1. ./UtilReferenceSet.sh purge “Allowed Users” User1
  2. ./ReferenceSetUtil.sh purge “Allowed Users” User1
  3. ./ReferenceSetUtil.sh delete “Allowed\ Users” User1
  4. ./UtilReferenceSet.sh delete “Allowed\ Users” User1
Correct answer: B
Explanation:
ReferenceSetUtil.sh purge is the correct syntax of the command. It deletes the specific user when you mention it within the reference set.
Reference https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014967953
Question 8
When it comes to licensing, what is the difference between Events and Flows in how they are licensed?
  1. Flows are licensed based on overall count over a minute, where Events are licensed based on overall count per second.
  2. Flows are licensed based on overall count per second, where Events are licensed based on overall count over a minute.
  3. Flows and Events are both licensed by overall count per minute under an Upgraded License and per second on a Basic License.
  4. Flows and Events are both licensed by overall count per second under an Upgraded License and per second on a Basic License.
Correct answer: A
Explanation:
A significant difference between event and flow data is that an event, which typically is a log of a specific action such as a user login, or a VPN connection, occurs at a specific time and the event is logged at that time. A flow is a record of network activity that can last for seconds, minutes, hours, or days, depending on the activity within the session. For example, a web request might download multiple files such as images, ads, video, and last for 5 to 10 seconds, or a user who watches a Netflix movie might be in a network session that lasts up to a few hours. The flow is a record of network activity between two hosts. 
Reference https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html
Question 9
When an IBM Security QRadar SIEM V7.2.8 distributed deployment requires scaling horizontally to achieve Events per Second (EPS) requirements, what QRadar component needs to be added to meet the EPS demands?
  1. Event Manager
  2. Event Indexing
  3. Event Collector
  4. Event Processor
Correct answer: D
Explanation:
The QRadar SIEM Event Processor Virtual 1699 appliance supports the following items:
  • Up to 10,000 events per second 
  • 2 TB or larger dedicated event storage 
Reference https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.qradar.doc_7.2.4/c_siem_vrt_ap_ov.html
Question 10
The event data collected by IBM Security QRadar SIEM V7.2.8 is being deleted after one month. The legal department required the data be kept for two months. 
What can the administrator do to accommodate this requirement?
  1. Change the nightly backup Priority to “High”.
  2. Change the nightly backup to a monthly backup.
  3. Change the Default Event Retention Policy property field “Do not delete data in this bucket” to two months.
  4. Change the Default Event Retention Policy property field “Keep data placed in this bucket for” to two months.
Correct answer: C
Explanation:
When storage space is required - Select this option if you want events or flows that match the Keep data placed in this bucket for parameter to remain in storage until the disk monitoring system detects that storage is required. If used disk space reaches 85% for records and 83% for payloads, data will be deleted. Deletion continues until the used disk space reaches 82% for records and 81% for payloads. 
When storage is required, only events or flows that match the Keep data placed in this bucket for parameter are deleted. 
Reference https://www.ibm.com/developerworks/community/forums/atom/download/Event_Flow_Retention_QRadar_72_AdminGuide.pdf?nodeId=593f2b31-a858-4210-b380-4674894a6ad9