EnsurePass
2017 Nov IBM Official New Released C2150-614
http://www.EnsurePass.com/C2150-614.html

IBM Security QRadar SIEM V7.2.7 Deployment

Question No: 21

A System Notification on a QRadar Console states “An allocated license has expired and is no longer valid”. After an investigation, the Deployment Professional notices that the X-Force feed license has expired.

How will this expiration affect the system?

  1. QRadar will work normally, but X-Force feed will not be updated anymore.

  2. QRadar will work normally because the expired feature license has no effect.

  3. QRadar will not collect any events until the license has been renewed or removed.

  4. QRadar will collect events normally, but events are not correlated with X-Force feed.

Answer: A

Explanation:

If the X-Force license expires on the QRadar Console, the IP reputation and URL databases will no longer receive updates and rules will leverage the existing values provided from the last good content update.

References: http://www-01.ibm.com/support/docview.wss?uid=swg21701213#expires

Question No: 22

A customer with IBM Security QRadar SIEM V7.2.7 is using Active Directory to authenticate users. After a crash, the authentication servers are down and some users tried to log in before the authentication servers came back up.

What will happen to these users?

  1. Local users are able to log in with their local password.

  2. Active Directory users are able to log in with their password.

  3. Administrative and non-administrative users are unable to log in with their password until authentication servers come back online.

  4. Logging on is restricted to administrative users, and non-administrative users will need to wait until the authentication server comes back online.

Answer: D

Explanation:

QRadar provides authentication options for both local and external authentication methods, such as Active Directory or LDAP.

The QRadar Administrative roles have both the external and local authentication methods available in case the external authentication method fails. If the remote authentication fails, the Administrative users can log in using the local password.

References: http://www-01.ibm.com/support/docview.wss?uid=swg21959344

Question No: 23

A Deployment Professional has received complaints from a customer stating that events from a satellite location in Hong Kong are being delayed, which is affecting records processing. The Deployment Professional wants to improve event transfer from that location to the IBM Security QRadar SIEM V7.2.7.

Which appliance could be installed in the satellite location to accomplish this goal?

  1. Data Node

  2. Flow Collector

  3. Event Collector

  4. Event Processor

Answer: C

Explanation:

An Event Collector is an appliance for collecting events in remote locations for periodic forwarding to an Event Processor or an all-in-one appliance.

An example is the IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance, which is a dedicated event collector. By default, a dedicated event collector collects and parses events from various log sources and continuously forwards these events to an event processor.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_hwg_eventcllctr1501.html

Question No: 24

A Deployment Professional wants to reduce the number of false positives being generated by a WebSense log source.

Which rule test could be created to solve this problem, assuming the Building Blocks have been updated for the customer's environment?

  1. “and NOT when an event matches any of the following BB:HostDefinition: VA Scanner Source IP”

  2. “and NOT when an event matches any of the following BB:HostDefinition: Proxy Servers”

  3. “and NOT when an event matches any of the following BB:HostDefinition: Trusted Network Source IP”

  4. “and NOT when an event matches any of the following BB:HostDefinition: Network Management Servers”

Answer: A

Explanation:

Websense/Forcepoint Content Gateway (Content Gateway) is a Linux-based, high-performance Web proxy and cache that provides real-time content scanning and Web site classification to protect network computers from malicious Web content while controlling employee access to dynamic, user-generated Web 2.0 content.

Note: Proxy servers and virus servers can generate high volumes of traffic. To reduce the offenses created by these server types, edit the following building blocks to reduce the number of offenses:

  • BB:HostDefinition: VA Scanner Source IP

    Vulnerability assessment products launch attacks that can result in offense creation. To avoid this behavior and define vulnerability assessment products or any server you want to ignore as a source, edit the “and when the source IP is one of the following” test to include the IP addresses of the following: VA Scanners, Authorized Scanners

  • BB:HostDefinition: Network Management Servers

  • BB:HostDefinition: Virus Definition and Other Update Servers

  • BB:HostDefinition: Proxy Servers

  • BB:NetworkDefinition: NAT Address Range

  • BB:NetworkDefinition: TrustedNetwork

References: http://www.websense.com/content/support/library/deployctr/v76/dic_wcg.aspx

ftp://public.dhe.ibm.com/software/security/products/qradar/documents/71MR1/SIEM/CoreDocs/QRadar_71MR1_TuningGuide.pdf

Question No: 25

A customer has an existing complex network infrastructure with many redundant links, and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure sFlow.

What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?

  1. Enable flow forwarding

  2. Disable flow forwarding

  3. Enable asymmetric flows

  4. Disable symmetric flows

Answer: C

Explanation:

In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing.

However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration.

The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows. The No option prevents the QRadar QFlow Collector from recombining asymmetric flows.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/t_qradar_adm_config_qflow_col.html

Question No: 26

A Deployment Professional has detected a big spike in a customer's “Malware infection detected” rule that monitors their endpoint anti-virus solution. The spike happened over the weekend, but when the rule was checked, it had not been changed. Since Monday morning, the rule has spiked and has not yet stopped generating offenses.

What was added to the customer's QRadar log sources that caused this problem?

  1. Proxies

  2. Flow Collectors

  3. Domain Controllers

  4. Guest network in their offices.

Answer: B

Explanation:

Rules perform tests on events, flows, or offenses. If all the conditions of a test are met, the rule generates a response.

QRadar QFlow Collector passively collects traffic flows from your network through span ports or network taps. The IBM Security QRadar QFlow Collector also supports the collection of external flow-based data sources, such as NetFlow.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/shc_qradar_comps.html

http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_gs_rules.html

Question No: 27

A Deployment Professional is investigating why a rule has stopped triggering. The rule is configured to monitor certain events from a specific syslog based Log Source. Upon investigation, the Deployment Professional observes that no events are being received by that Log Source in the Log Activity Tab.

The customer has recently reconfigured the sending system but demonstrates that events are still being sent to the QRadar Event Processor. After running a tcpdump on the Event Processor, events are indeed observed coming from the IP address of the sending system.

How can the Deployment Professional find an event in the QRadar GUI to discover which Log Source is processing the events?

  1. Log Activity Tab > Add Filter > “Parameter Field” enter “Hostname” and enter a hostname

  2. Network Activity Tab > Advanced Search > “Parameter Field” select “Hostname” and enter a hostname

  3. Log Activity Tab > Add Filter > “Parameter Field” select “Payload Contains” and enter a unique identifier based off the tcpdump data

  4. Network Activity Tab > Add Filter > “Parameter Field” select “Payload Contains” and enter a unique identifier based off the tcpdump data

Answer: A

Explanation:

The Network Activity tab allows you to investigate flows being sent to QRadar Network Anomaly Detection in real time, perform powerful searches, and view network activity using configurable time-series charts. A flow is a communication session between two hosts.

Viewing flow information allows you to determine how the traffic is communicated, what is communicated (if the content capture option is enabled), and who is communicating. Flow data also includes details such as protocols, ASN values, IFIndex values, and priorities.

Question No: 28

What is the procedure to configure basic system settings on an IBM Security QRadar V7.2.7 system once the System Configuration panel is accessed under the Admin Tab?

  1. 1. System Settings > (Configure Settings) > Save; 2. Admin Tab > Advanced > Deploy Changes

  2. 1. Configure Settings > Save; 2. Admin Tab > Advanced > Deploy Changes

  3. 1. System Settings > (Configure Settings) > Save; 2. Admin Tab > Advanced > Deploy Full Configuration

  4. 1. Configure Settings > Save; 2. Admin Tab > Advanced > Deploy Full Configuration

Answer: C

Explanation:

Procedure to configure system settings.

References: http://www.ibm.com/support/knowledgecenter/fr/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/t_qradar_adm_conf_sys_setting.html

Question No: 29

A Deployment Professional is asked to create a redundancy link with failover for backup. Which mode should be used if only a redundancy link is requested?

  1. mode=0

  2. mode=1

  3. mode=5

  4. mode=6

Answer: B

Explanation:

Mode=1 is active backup. Only one slave is active. Another slave becomes active when the active slave fails.

Incorrect:

A: Mode=0 is balance round robin. Packets are transmitted in order from the first available slave to the last slave.

C: Mode=5 is balance transmit load balancing (TLB). The outgoing network data is distributed across all the slaves. A designated slave receives incoming traffic, which fails over to a backup slave when the designated slave fails.

D: Mode=6 is balance adaptive load balancing (ALB). It includes both transmit load balancing (TLB) and receive load balancing (RLB) for IPv4 network traffic.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/t_qradar_adm_config_nic_bonding.html

Question No: 30

A Deployment Professional is performing a new deployment and needs to collect flows through NetFlow version 5, NetFlow version 9, IPFIX and sFlow. The network is complex and heterogeneous.

What is the minimum number of flow sources that are needed for this IBM Security QRadar SIEM 7.2.7 deployment?

  1. 1

  2. 2

  3. 3

  4. 4

Answer: C

Explanation:

External flow sources include any external flow sources that send flows to the QRadar QFlow Collector. If your QRadar QFlow Collector receives multiple flow sources, you can assign each flow source a distinct name. When external flow data is received by the same QRadar QFlow Collector, a distinct name helps to distinguish the external flow source data from each other.

External flow sources might include the following sources:

  • NetFlow (QRadar supports NetFlow versions 1, 5, 7, and 9)

  • IPFIX

  • sFlow

  • J-Flow

  • Packeteer

  • Flowlog file

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_adm_flow_source_ovrvw.html
