EnsurePass
2017 Nov IBM Official New Released C2150-612
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/C2150-612.html

IBM Security QRadar SIEM V7.2.6, Associate Analyst

Question No: 21

Which QRadar component provides the user interface that delivers real-time flow views?

  1. QRadar Viewer

  2. QRadar Console

  3. QRadar Flow Collector

  4. QRadar Flow Processor

Answer: B

Explanation:

References: http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.html

Question No: 22

What are two characteristics of a SIEM? (Choose two.)

  1. Log Management

  2. System Deployment

  3. Endpoint Software patching

  4. Enterprise User management

  5. Event Normalization & Correlation

Answer: A,E

Question No: 23

Which file type is available for a report format?

  1. TXT

  2. DOC

  3. PDF

  4. PowerPoint

Answer: C

Question No: 24

Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short term events when compared against a longer time frame?

  1. Outlier Rule

  2. Anomaly Rule

  3. Threshold Rule

  4. Behavioral Rule

Answer: B

Explanation:

References: http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_rul_anomaly_detection.html

Question No: 25

Which Anomaly Detection Rule type can test events or flows for volume changes that occur in regular patterns to detect outliers?

  1. Outlier Rule

  2. Anomaly Rule

  3. Threshold Rule

  4. Behavioral Rule

Answer: D

Explanation:

References: http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_rul_anomaly_detection.html

Question No: 26

Which information can be found under the Network Activity tab?

  1. Flows

  2. Events

  3. Reports

  4. Offenses

Answer: A

Question No: 27

How does flow data contribute to the Asset Database?

  1. Correlated Flows are used to populate the Asset Database.

  2. It provides administrators visibility on how systems are communicating on the network.

  3. Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.

  4. It delivers vulnerability and ports information collected from scanners responsible for evaluating network assets.

Answer: C

Question No: 28

Which log source and protocol combination delivers events to QRadar in real time?

  1. Sophos Enterprise console via JDBC

  2. McAfee ePolicy Orchestrator via JDBC

  3. McAfee ePolicy Orchestrator via SNMP

  4. Solaris Basic Security Mode (BSM) via Log File Protocol

Answer: C

Question No: 29

What set of Key fields can trigger coalescing?

  1. Source IP address, Source port, Severity, Username, and Event ID

  2. Source IP address, Destination IP address, Destination port, Direction, and Event ID

  3. Source IP address, Destination IP address, Destination port, Username, and Event ID

  4. Destination IP address, Destination port, Relevance, Username, and Low Level Category

Answer: C

Explanation:

References: http://www-01.ibm.com/support/docview.wss?uid=swg21622709

Question No: 30

What are the two available formats for exporting event and flow data for external analysis? (Choose two.)

  1. XML

  2. DOC

  3. PDF

  4. CSV

  5. HTML

Answer: A,D
