IT certification exam question bank
Every month, ITshiken helps more than 1,500 candidates prepare for and pass their exams.

IBM C2150-624 practice questions

IBM Security QRadar SIEM V7.2.8 Fundamental Administration exam

Last updated: 2020/11/23, 51 questions in total.

2020 year-end thanks: when you purchase the latest C2150-624 real questions, you receive both the Japanese and English versions at the same time.

Practice with the real question bank, understand the key points of the exam, and then decide whether to register for the test.

To save a further 35% of your exam preparation time, use the C2150-624 question bank.


Question No : 1
An IBM Security QRadar SIEM V7.2.8 Administrator needs to retain authentication failure data to a specific domain, for a longer period than the rest of the event data being collected.
How is this task completed?

Correct answer:
Explanation:
In current versions of QRadar you can set custom retention buckets for events and flows. The 10 non-default retention buckets are processed sequentially from top to bottom. Any events that do not match a custom retention bucket are automatically placed in the default retention bucket, located at the bottom of the list. Custom retention buckets allow you to add a time period and filters. If you enable a retention bucket with defined criteria, it starts deleting data from the time it was created. Any data that matched the custom retention bucket's criteria before the bucket was created is still subject to the default retention bucket setting. If you need to delete data from before the custom retention bucket was created, you can shorten the default retention bucket so that data is deleted immediately.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21622758

Question No : 2
An Administrator using IBM Security QRadar SIEM V7.2.8 is using the RegEx syntax below:
(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)
What type of information is it designed to extract?

Correct answer:
Explanation:
Sample regular expressions:
• email: (.+@[^\.].*\.[a-z]{2,}$)
• URL: (http\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(/\S*)?$)
• Domain Name: (http[s]?://(.+?)["/?:])
• Floating Point Number: ([-+]?\d*\.?\d*$)
• Integer: ([-+]?\d*$)
• IP Address: (\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b)
For example, to match a log that resembles SEVERITY=43, construct the following regular expression: SEVERITY=([-+]?\d*$)
Reference: http://www.siem.su/docs/ibm/Administration_and_introduction/User_Guide.pdf

Question No : 3
An Administrator needs to create a new user role in the IBM Security QRadar SIEM V7.2.8 system.
What steps need to be followed?

Correct answer:
Explanation:
By default, your system provides a default administrative user role, which provides access to all areas of QRadar SIEM. Users who are assigned an administrative user role cannot edit their own account. This restriction applies to the default Admin user role. Another administrative user must make any account changes.
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/b_qradar_admin_guide.pdf

Question No : 4
When replacing a Console appliance in an IBM Security QRadar SIEM V7.2.8 deployment using a new IP address or host name, what must be the same on the two Console appliances?

Correct answer:
Explanation:
The software version of the new Console appliance must match the software version of the old Console appliance. QRadar does not allow appliances at different software versions in the same deployment. Administrators might be required to reinstall an ISO to downgrade the new appliance, or to apply a Fix Pack (SFS) to upgrade it. The paperwork that came with your appliance lists the installed software version.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21984320

Question No : 5
An Administrator working with IBM Security QRadar SIEM V7.2.8 only needs to remove a single host (10.1.95.142) from the reference set with the name “Asset Reconciliation IPv4 Whitelist” from the command line interface.
Which command would accomplish this task?

Correct answer:
Explanation:
The syntax for the command is:
ReferenceSetUtil.sh add "Asset Reconciliation IPv4 Whitelist" IP
Reference: http://www.juniper.net/techpubs/en_US/jsa2014.8/information-products/topic-collections/jsaadministration-guide.pdf

Question No : 6
An Administrator working with IBM Security QRadar SIEM V7.2.8 was tasked with adding a new Microsoft Azure log source.
What protocol is supported for this?

Correct answer:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.4/com.ibm.dsm.doc/c_dsm_guide_microsoft_azure_overview.html

Question No : 7
During the IBM Security QRadar SIEM V7.2.8 installation, which two default user roles are defined? (Choose two.)

Correct answer:
Explanation:
Two default user roles are listed in the left pane of the window: Admin and All. You can select a role in the left pane to view the associated role permissions in the right pane.
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_AdminGuide.pdf

Question No : 8
Which appliance in the IBM Security QRadar SIEM V7.2.8 family is specifically used to gather events from local and remote log sources?

Correct answer:
Explanation:
The Event Collector gathers events from local and remote log sources and normalizes raw log source events. During this process, the Magistrate component examines the event from the log source and maps the event to a QRadar Identifier (QID). Then, the Event Collector bundles identical events to conserve system resources and sends the information to the Event Processor.
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/shc_qradar_comps.html

Question No : 9
An Administrator has configured a customized log source extension to provide asset updates to IBM Security QRadar SIEM V7.2.8. Instead of QRadar receiving an update that has the host name of the asset that the user logged in to, the log source generates many asset updates that all have the same host name. In this situation, what will QRadar report?

Correct answer:
Explanation:
Instead of QRadar receiving an update that has the host name of the asset that the user logged in to, the log source generates many asset updates that all have the same host name.
In this situation, the asset growth deviation is caused by one asset profile that contains many IP addresses and user names.
Reference: https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_ug_usecase_customized_lsx.html

Question No : 10
The event pipeline that processes event data before it can be viewed and used on the IBM Security QRadar SIEM V7.2.8 console consists of many components. What is one such component?

Correct answer:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar_deploy_event_and_flow_pipeline.html

Question No : 11
An IBM Security QRadar SIEM V7.2.8 Administrator notices that a specific MAC address was added to the Asset Reconciliation Domain MAC blacklist.
What scenario is causing this to occur?

Correct answer:
Explanation:
Reference: ftp://ftp.software.ibm.com/software/security/products/qradar/documents/7.2.5/EN/b_qlm_users_guide.pdf

Question No : 12
Which AQL query, when run from IBM Security QRadar SIEM V7.2.8, will show EPS broken down by domains?

Correct answer:
Explanation:
You would use single-quotes to define this search string. I believe I had an example in the presentation yesterday I need to fix where I accidentally used double-quotes, which is incorrect.
The AQL search below uses quotes correctly:
select logsourcename(logsourceid) as LogSource, sum(eventcount) / ( ( max(endTime) - min(startTime) ) / 1000 ) as EPS from events WHERE logsourcename(logsourceid) = 'Windows Auth @

Question No : 13
An Administrator needs to see Events per Second (EPS) and Flows per Minute (FPM) coming to IBM Security QRadar SIEM V7.2.8 through a dashboard. How could this be accomplished?

Correct answer:
Explanation:
To determine the average EPS rate, users can click the Dashboard tab, then select the System Monitoring dashboard item. This dashboard contains an events per second and a flows per minute dashboard item. To see EPS details, click the View in Log Activity link. This gives an estimate of the data size for events per day.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21685322

Question No : 14
An Administrator working with IBM Security QRadar SIEM V7.2.8 is constantly receiving the following message: “SAR Sentinal: Threshold crossed.”
Where will the Administrator tune the settings for these messages?

Correct answer:
Explanation:
The SAR Sentinel utility monitors QRadar across a broad number of functions, such as running processes, CPU usage, and hardware functions. The function of the SAR Sentinel is to monitor the system and provide notifications when the system load exceeds a set threshold.
Reference: ftp://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.1/QRadar/EN/QRadar_721_Troubleshooting_System_Notifications.pdf

Question No : 15
10.4.17 and 10.20.1.0/24, therefore being L2L traffic.
D. This rule isn’t parsing the network hierarchy correctly, as the network hierarchy contains both subnets, but is viewing traffic between groups to be remote instead of local.

Correct answer: A
