EnsurePass
2017 Nov IBM Official New Released C2150-614
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/C2150-614.html

IBM Security QRadar SIEM V7.2.7 Deployment

Question No: 11

A Deployment Professional needs to create and share a saved search with other users. What are the requirements for this action?

A. The user must be in the Admin role, and the saved search must have at least one "Grouped By" field.

B. Any user can share a saved search that must have exactly one "Grouped By" field.

C. The user must be in the Admin role, and the saved search must have at least one "[indexed]" field.

D. Any user can share a saved search that must contain at least one "Grouped By" and one "[indexed]" field.

Answer: A

Explanation:

Create and share the search criteria that the dashboard item will use.

The user account initiating this process must be in the Admin User Role. Only users in the Admin User Role have the ability to share saved Search Criteria.

Assign Search to Group(s): Select the check box for the group you want to assign this saved search. If you do not select a group, this saved search is assigned to the Other group by default.

References: http://www-01.ibm.com/support/docview.wss?uid=swg21679314

Question No: 12

In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management views was increased.

How many additional views were added?

A. 100

B. 120

C. 130

D. 170

Answer: D

Explanation:

QRadar 7.2.6 and earlier enforced a limit of 130 aggregated data views, a limit that many deployments reached. QRadar 7.2.7 raised the limit to 300 aggregated data views, that is, 170 additional views.

References: http://www-01.ibm.com/support/docview.wss?uid=swg21690762

Question No: 13

A Deployment Professional has a reference list of usernames that is used in rules. The Deployment Professional needs to be able to remove a username from the reference list when an offense is detected from a log event.

How can a Deployment Professional accomplish this goal?

A. As a rule response, select the update Reference Set option

B. As a rule response, select the remove from Reference Set option

C. As a rule response, select execute custom action in order to call REST-API:UPDATE: /reference_data/sets/{name}

D. As a rule response, select execute custom action in order to call REST-API:REMOVE: /reference_data/sets/{name}/{value}

Answer: B

Explanation:

On the Rule Responses page of the custom rule, configure the responses that you want this rule to generate.

The rule response parameters include Remove from Reference Set, which removes the matched data (here, the username) from a reference set, so no custom action or direct REST API call is needed.

A reference set is a set of elements, such as a list of IP addresses or user names, that are derived from events and flows occurring on your network.

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html

Question No: 14

What is the impact on network bandwidth when selecting 'Global' on a rule instead of 'Local' in a distributed environment?

A. All events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.

B. All matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth.

C. All events are sent to each QRadar Event Processor for processing and therefore, all Event Processors use more bandwidth.

D. All matching events are sent to each QRadar Event Processor for processing and therefore, all Event Processors use more bandwidth.

Answer: B

Explanation:

If you select Local, the rule is processed on the Event Processor that received the events, and offenses are created only for the events that are processed locally.

If you select Global, all matching events are sent to the QRadar Console for processing and therefore, the QRadar Console uses more bandwidth and processing resources.

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_create_cust_rul.html

Question No: 15

Which two permissions are required to modify custom properties? (Choose two.)

A. Maintain Custom Rules

B. Normalized Event Properties

C. User Defined Flow Properties

D. User Defined Event Properties

E. Normalized Flow Properties

Answer: C, D

Explanation:

You can create custom properties only if you have the correct permission.

You must have the User Defined Event Properties or the User Defined Flow Properties permission.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.3/com.ibm.qradar.doc_7.2.3/c_qradar_req_perm_cus_prop.html

Question No: 16

Which set of rules should be adhered to in order to create valid expression for creating custom properties?

A. SQL

B. Java

C. Perl

D. Python

Answer: B

Explanation:

You can create a custom property type.

When you create a custom property, you can choose to create a Regex or a calculated property type.

Regex defines the field that you want to become the custom property. After you enter a regex statement, you can validate it against the payload. When you define custom regex patterns, adhere to regex rules as defined by the Java programming language.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_qradar_cus_prop_typ.html
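As an added example (not code from the exam page or from IBM), the following Python harness does what the Custom Property dialog's validation step does: it runs a capture-group regex over sample payloads and reports the value each one would yield. The payloads are constructed for this example. Because QRadar evaluates the pattern with the Java regex engine, the harness also rejects two constructs that Python's `re` accepts but Java does not, which is the usual reason a pattern that passes a quick Python test fails once pasted into QRadar.

```python
import re

# Constructed sample payloads (not from the exam page), shaped like the
# syslog authentication events a QRadar log source might forward.
SAMPLE_PAYLOADS = [
    "Jan 10 10:02:11 vpn01 sshd[2211]: Accepted publickey for user=alice from 10.1.2.3 port 50212",
    "Jan 10 10:02:19 vpn01 sshd[2212]: Failed password for user=svc/backup from 198.51.100.7 port 50213",
    "Jan 10 10:03:02 vpn01 sshd[2213]: Connection closed by 203.0.113.9 port 50214",
]

# Syntax that Python's re accepts but java.util.regex rejects.  QRadar compiles
# custom-property regexes with the Java engine, so these must not reach it.
_PYTHON_ONLY = (
    ("(?P<", "Java named groups are written (?<name>...), not (?P<name>...)"),
    ("(?P=", "Java named back-references are \\k<name>, not (?P=name)"),
)


def java_compat_issues(pattern: str) -> list[str]:
    """Reasons the pattern would not compile under Java regex rules (empty if none)."""
    return [why for token, why in _PYTHON_ONLY if token in pattern]


def extract_custom_property(pattern: str, payload: str, capture_group: int = 1):
    """Mimic a regex custom property: search one payload and return the selected
    capture group, or None when the payload does not match.  QRadar's default is
    capture group 1; group 0 (the whole match) is never used as a property value."""
    compiled = re.compile(pattern)
    if capture_group < 1 or capture_group > compiled.groups:
        raise ValueError(
            f"pattern has {compiled.groups} capture group(s); cannot use group {capture_group}"
        )
    match = compiled.search(payload)
    return match.group(capture_group) if match else None


def validate_against_payloads(pattern: str, payloads, capture_group: int = 1) -> dict:
    """What the dialog's test does, in one call: refuse Python-only syntax, then
    report the extracted value per payload so non-matching payloads are visible."""
    issues = java_compat_issues(pattern)
    if issues:
        raise ValueError("; ".join(issues))
    return {p: extract_custom_property(pattern, p, capture_group) for p in payloads}


if __name__ == "__main__":
    # Anchored at a word boundary and bounded by \S+: the username stops at the
    # first whitespace, which also keeps the pattern cheap on every event parsed.
    for payload, value in validate_against_payloads(r"\buser=(\S+)", SAMPLE_PAYLOADS).items():
        print(f"{value!r:16} <- {payload}")
```

A custom property regex runs on every event the Event Processor parses, so keep it anchored and bounded; an unbounded `.*` in front of the capture group costs backtracking on every payload that does not match.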

Question No: 17

Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only.

How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?

A. The domains must be used with security profiles to limit the available information to a group of users within that domain.

B. The networks must be used with security profiles to limit the available information to a group of users within that domain.

C. The multi-tenancy must be configured to isolate the users, and then domains will be used to assign log sources and networks to these users.

D. The multi-tenancy must be configured to allow each company to isolate and control their assets, log sources, users, networks, flows, and dashboards.

Answer: C

Explanation:

Multitenant environments allow Managed Security Service Providers (MSSPs) and multi-divisional organizations to provide security services to multiple client organizations from a single, shared IBM Security QRadar deployment. You don't have to deploy a unique QRadar instance for each customer.

In a multitenant deployment, you ensure that customers see only their data by creating domains that are based on their QRadar input sources. Then, use security profiles and user roles to manage privileges for large groups of users within the domain. Security profiles and user roles ensure that users have access to only the information that they are authorized to see.

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_tenant_mgmt_overview.html

Question No: 18

A Deployment Professional is working with a customer who is interested in deploying IBM Security QRadar SIEM V7.2.7 and wishes to use the default configuration and default license with 1,600 network objects.

Why won't this work?

A. The default configuration allows for a maximum of 1,000 network objects

B. The default configuration allows for a maximum of 1,500 network objects

C. The default configuration utilizing the default license only allows for 300 network objects

D. The default configuration utilizing the default license only allows for 1,200 network objects

Answer: C

Explanation:

Restrictions for the default license key for QRadar SIEM installations include a Network object limit of 300.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_act_lic_keys.html

Question No: 19

A Deployment Professional is looking over event and flow data for a new customer and sees that the customer is hitting 4,000 EPS/300,000 FPM, with bursts of up to 5,000 EPS/400,000 FPM. The customer is asking for the least amount of appliances to be installed to handle this traffic without any throttling.

Which combination should be installed?

A. Install the IBM Security QRadar 3105 (Console) and add a QRadar 1805

B. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1705

C. Install the IBM Security QRadar 3105 (Console) and add a QRadar Flow Processor 1828

D. Install the IBM Security QRadar 3105 (Console) and add a QRadar Event Processor 1605

Answer: B

Explanation:

The QRadar 3105 (All-in-One) appliance requires external QRadar QFlow Collectors for layer 7 network activity monitoring.

With an upgraded license, the QRadar Flow Processor 1705 supports 600,000 FPM, depending on traffic types, which covers the 400,000 FPM bursts; the 3105 with its upgraded license covers the 5,000 EPS peak on its own.

Note: The IBM Security QRadar 3105 (All-in-One) (MTM 4380-Q1E) appliance is an all-in-one QRadar system that can profile network behavior and identify network security threats. With a basic license it supports 25,000 FPM and 1,000 EPS.

With an upgraded license it supports 200,000 FPM and 5000 EPS.

Question No: 20

A customer has the following data:


The customer wants the Deployment Professional to store this information in Reference Data in QRadar in order to:

Which type of Reference Data can fulfill both tasks?

A. Reference Table

B. Reference Set

C. Reference Map

D. Reference Map of Sets

Answer: B

Explanation:

A reference set is a set of elements that are derived from events and flows that occur on your network. Examples of elements that are derived from events are IP addresses or user names.

After you create a reference set, you can create rules to detect log activity or network activity that is associated with the reference set. For example, you can create a rule to detect when an unauthorized user attempts to access your network resources. You can also configure a rule to add an element to a reference set when log activity or network activity matches the rule conditions. For example, you can create a rule to detect when an employee accesses a prohibited website and add that employee's IP address to a reference set.

Note: You can create the following reference data collection types:

Reference map
Reference map of sets
Reference sets
Reference map of maps
Reference table
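The reference-set maintenance described in questions 13 and 20 (a rule response removing a username, a rule adding an element) can also be driven from outside the rule engine, which is what the REST API paths in the question 13 options are for. The following Python client is an added example, not code from the exam page or from IBM. It exercises the three reference_data/sets calls (list, add, remove); the host, SEC token and set name are placeholders, the reference-set contents are constructed, and the HTTP transport is injectable so the module runs offline against an in-memory stand-in.

```python
"""Reference-set maintenance over the QRadar REST API (added example, offline-capable)."""
import json
import ssl
import urllib.error
import urllib.parse
import urllib.request


class QRadarReferenceSets:
    """Thin client: one method per endpoint, every value percent-encoded."""

    def __init__(self, host, sec_token, api_version="7.0", opener=None, verify_tls=True):
        self.base = f"https://{host}/api/reference_data/sets"
        # Authorized-service token travels in the SEC header; Version pins the API.
        self.headers = {"SEC": sec_token, "Version": api_version, "Accept": "application/json"}
        self._open = opener or self._https_opener(verify_tls)

    @staticmethod
    def _https_opener(verify_tls):
        ctx = ssl.create_default_context()
        if not verify_tls:  # only for a lab console with a self-signed certificate
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE

        def _open(req):
            try:
                with urllib.request.urlopen(req, context=ctx) as resp:
                    return resp.status, resp.read()
            except urllib.error.HTTPError as err:
                return err.code, err.read()
        return _open

    def _call(self, method, url):
        req = urllib.request.Request(url, method=method, headers=self.headers)
        status, body = self._open(req)
        if status >= 400:
            raise RuntimeError(f"{method} {url} -> HTTP {status}: {body.decode(errors='replace')}")
        return json.loads(body) if body else {}

    def values(self, name):
        """GET /reference_data/sets/{name}: current members of the set."""
        data = self._call("GET", f"{self.base}/{urllib.parse.quote(name, safe='')}")
        return [item["value"] for item in data.get("data", [])]

    def add(self, name, value):
        """POST /reference_data/sets/{name}?value=...: same effect as an Add to Reference Set response."""
        query = urllib.parse.urlencode({"value": value})
        return self._call("POST", f"{self.base}/{urllib.parse.quote(name, safe='')}?{query}")

    def remove(self, name, value):
        """DELETE /reference_data/sets/{name}/{value}: same effect as Remove from Reference Set.
        safe='' keeps a value such as svc/backup as one path segment instead of two."""
        path = f"{urllib.parse.quote(name, safe='')}/{urllib.parse.quote(value, safe='')}"
        return self._call("DELETE", f"{self.base}/{path}")


class FakeQRadar:
    """Constructed in-memory stand-in for the API so the example runs offline."""

    def __init__(self, sets):
        self.sets = {name: set(members) for name, members in sets.items()}

    def _reply(self, status, name):
        body = {"name": name, "number_of_elements": len(self.sets[name]),
                "data": [{"value": v} for v in sorted(self.sets[name])]}
        return status, json.dumps(body).encode()

    def __call__(self, req):
        url = urllib.parse.urlsplit(req.full_url)
        parts = url.path.split("/")  # ['', 'api', 'reference_data', 'sets', name, value?]
        name = urllib.parse.unquote(parts[4])
        if name not in self.sets:
            return 404, json.dumps({"message": f"no reference set {name}"}).encode()
        method = req.get_method()
        if method == "GET":
            return self._reply(200, name)
        if method == "POST":
            self.sets[name].add(urllib.parse.parse_qs(url.query)["value"][0])
            return self._reply(201, name)
        if method == "DELETE" and len(parts) == 6:
            self.sets[name].discard(urllib.parse.unquote(parts[5]))
            return self._reply(200, name)
        return 405, b""


def demo():
    """Revoke a user the way the rule response would, add another, return the final membership."""
    fake = FakeQRadar({"authorized_users": ["alice", "svc/backup", "bob@corp.example"]})
    api = QRadarReferenceSets("qradar.example", "placeholder-sec-token", opener=fake)
    api.remove("authorized_users", "svc/backup")  # offense raised on svc/backup: drop it
    api.add("authorized_users", "carol")
    return api.values("authorized_users")


if __name__ == "__main__":
    print(demo())  # ['alice', 'bob@corp.example', 'carol']
```

Against a real console, drop the `opener` argument and pass the console host and an authorized-service token; the SEC header is what grants the call the token's role, so scope that token to reference-data permissions rather than reusing an administrator's.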
