IBM C2150-612 問題練習

Question No : 1
What is the maximum number of supported dashboards for a single user?

• A.10
• B.25
• C.255
• D.1023

答えを確認する

正解:
Explanation:
Reference:
http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_custom_dboard.html

Question No : 2
Which QRadar component is designed to help increase the search speed in a deployment by allowing more data to remain uncompressed?

• A.QRadar Data Node
• B.QRadar Flow Processor
• C.QRadar Event Collector
• D.Qradar Event Processor

答えを確認する

正解:

Question No : 3
What is the difference between TCP and UDP?

• A.They use different port number ranges
• B.UDP is connectionless, whereas TCP is connection based
• C.TCP is connectionless, whereas UDP is connection based
• D.TCP runs on the application layer and UDP uses the Transport layer

答えを確認する

正解:

Question No : 4
An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username.
What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?

• A.Each matching event will be tagged with the Rule name, but only one Offense will be created.
• B.Each matching event will cause a new Offense to be created and will be tagged with the Rule name.
• C.Events will be tagged with the rule name as long as the Rule Response limiter is satisfied. Only one offense will be created.
• D.Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.

答えを確認する

正解:

Question No : 5
What is a capability of the Network Hierarchy in QRadar?

• A.Determining and identifying local and remote hosts
• B.Capability to move hosts from local to remote network segments
• C.Viewing real-time PCAP traffic between host groups to isolate malware
• D.Controlling DHCP pools for segments groups (i.e. marketing, DMZ, VoIP)

答えを確認する

正解:
Explanation:
Reference: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_ntwrk_hrchy.html

Question No : 6
Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)

• A.Rules
• B.By Category
• C.My Offenses
• D.By Event Name
• E.Create Offense
• F.Closed Offenses

答えを確認する

正解:

Question No : 7
Which three log sources are supported by QRadar? (Choose three.)

• A.Log files via SFTP
• B.Barracuda Web Filter
• C.TLS multiline Syslog
• D.Oracle Database Listener
• E.Sourcefire Defense Center
• F.Java Database Connectivity (JDBC)

答えを確認する

正解:

Question No : 8
Which two are top level options when right clicking on an IP Address within the Offense Summary page? (Choose two.)

• A.WHOIS
• B.Navigate
• C.DNS Lookup
• D.Information
• E.Asset Summary Page

答えを確認する

正解:

Question No : 9
What is a primary goal with the use of building blocks?

• A.A method to create reusable rule responses
• B.A reusable test stack that can be used in other rules
• C.A method to generate reference set updates without using a rule
• D.A method to create new events back into the pipeline without using a rule

答えを確認する

正解:

Question No : 10
What is an example of the use of a flow data that provides more information than an event data?

• A.Represents a single event on the network
• B.Automatically identifies and better classifies new assets found on a network
• C.Performs near real-time comparisons of application data with logs sent from security devices
• D.Represents network activity by normalizing IP addresses ports, byte and packet counts, as well as other details

答えを確認する

正解:
Explanation:
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21682445

Question No : 11
Given these default options for dashboards on the QRadar Dashboard Tab: Which will display a list of offenses?

• A.Network Overview
• B.System Monitoring
• C.Vulnerability Management
• D.Threat and Security Monitoring

答えを確認する

正解:

Question No : 12
Which Anomaly Detection Rule type can test events or flows for volume changes that occur in regular patterns to detect outliers?

• A.Outlier Rule
• B.Anomaly Rule
• C.Threshold Rule
• D.Behavioral Rule

答えを確認する

正解:
Explanation:
Reference:
http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/ c_qradar_rul_anomaly_detection.html

Question No : 13
What is the key difference between Rules and Building Blocks in QRadar?

• A.Rules have Actions and Responses; Building Blocks do not.
• B.The Response Limiter is available on Building Blocks but not on Rules.
• C.Building Blocks are built-in to the product; Rules are customized for each deployment.
• D.Building Blocks are Rules which are evaluated on both Flows and Events; Rules are evaluated on Offenses of Flows or Events.

答えを確認する

正解:

Question No : 14
Which saved searches can be included on the Dashboard?

• A.Event and Flow saved searches
• B.Asset and Network saved searches
• C.User and Vulnerability saved searches
• D.Network Activity and Risk saved searches

答えを確認する

正解:

Question No : 15
What is a common purpose for looking at flow data?

• A.To see which users logged into a remote system
• B.To see which users were accessing report data in QRadar
• C.To see application versions installed on a network endpoint
• D.To see how much information was sent from a desktop to a remote website

答えを確認する

正解: