2017 Nov IBM Official New Released C2150-614
100% Free Download! 100% Pass Guaranteed!

IBM Security QRadar SIEM V7.2.7 Deployment

Question No: 31

After creating a custom Log Source Extension to parse a Source IP address from this event snippet #39;IP Address: (, the Source IP is not being extracted from the payload.

The Log Source Extension is showing the following: IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

Which Regular Expression should be used to ensure the Source IP is parsed properly?

A. IP\sAddress\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\)

B. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))

C. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\)

D. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{13})\)

Answer: B

Question No: 32

Which IBM Security QRadar function, if misconfigured, could cause rules that are only supposed to be applied to local hosts to be applied to external hosts?

  1. VA Scanner

  2. Log Collector

  3. Flow Collector

  4. Network Hierarchy

Answer: D Explanation:

IBM Security QRadar uses the network hierarchy to understand your network traffic and provide you with the ability to view activity for your entire deployment.

IBM Security QRadar considers all networks in the network hierarchy as local.

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_ad m_netwk_hierarchy.html

Question No: 33

You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that generated daily at midnight from a custom application on a Microsoft漏 Windows Server.

Which log source protocol should be used to accomplish this task?

  1. WinCollect MSRPC

  2. WinCollect Agent

  3. WinCollect Log File

  4. WinCollect File Forwarder

Answer: B Explanation:

A managed WinCollect deployment has a QRadar appliance that shares information with the WinCollect agent installed on the Windows hosts that you want to monitor. The

Windows host can either gather information from itself, the local host, and, or remote Windows hosts.

Note: The WinCollect application is a Syslog event forwarder that administrators can use for Windows event collection with QRadar. The WinCollect application can collect events from systems with WinCollect software installed (local systems), or remotely poll other Windows systems for events.

References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.wincollect.doc/c_wincolle ct_overview_new.html

Question No: 34

A Deployment Professional needs to handle event logs from Point-of-Sale (POS) devices on cruise ships which have sporadic connectivity to the rest of the deployment.

Which appliance can be used to store and forward these events?

  1. QRadar Flow Collector 1201

  2. QRadar Flow Processor 1705

  3. QRadar Event Processor 1628

  4. QRadar Event Collector 1501

Answer: D Explanation:

The IBM Security QRadar Event Collector 1501 (MTM 4380-Q2C) appliance is a dedicated event collector. By default, a dedicated event collector collects and parses event from various log sources and continuously forwards these events to an event processor. You can configure the QRadar Event Collector 1501 appliance to temporarily store events and only forward the stored events on a schedule.

Question No: 35

A software install is being performed on a client#39;s hardware. The Deployment Professional is about to install the QRadar software on a host which will become an HA primary.

Which command is mandatory?

  1. /opt/qradar/ha_setup.sh

  2. tail-f/var/bin/ha.logs

  3. /opt/qradar/bin/prepare_ha.sh

  4. /media/cdrom/post/prepare_ha.sh

Answer: D Explanation:

To enable HA, QRadar connects a primary HA host with a secondary HA host to create an HA cluster.

For a software installation of IBM Security QRadar, you must run the following script before the installation to enable HA:


References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.8/com.ibm.qradar.doc/c_qradar


Question No: 36

A Deployment Professional is asked to determine what could be done to decrease latency of events received by an IBM Security QRadar V7.2.7 Console based in the United States, which is receiving logs sent directly from a data center in China.

Which appliance could be installed in the Chinese data center to accomplish this goal?

  1. Data Node

  2. Event Collector

  3. Flow Processor

  4. Event Processor

Answer: D Explanation:

Example of an Event Processor:

The IBM Security QRadar Event Processor 1605 (MTM 4380-Q1E) appliance is a dedicated event processor that you can scale your QRadar deployment to manage higher EPS rates. The QRadar Event Processor 1605 appliance includes an on-board event collector, event processor, and internal storage for events.

With the Basic License the capacity is 2500 EPS, and with an upgrade license it is 20000 EPS.

References: http://www.ibm.com/support/knowledgecenter/SS42VS_7.2.6/com.ibm.qradar.doc/c_hwg_e vt_prcssr1605.html

Question No: 37

A Deployment Professional working with IBM SecurityQRadar SIEM V7.2.7 is configuring scanners for dynamic scanning and is working with a customer to explain how dynamic scanning works, presenting the following example.

Asset IP:

Scanner A CIDR: Scanner B CIDR:

How is this asset scanned when utilizing dynamic scanning?

  1. Scanner A would scan this asset as it has the bigger CIDR for accuracy.

  2. Scanner B would try the scan first then Scanner A would make an attempt.

  3. Scanner B would scan this asset as it has the smaller CIDR for accuracy.

  4. Scanner A amp; B would scan this asset as it is contained within both their CIDRs.

Answer: A Explanation:

In QRadar Vulnerability Manager you can assign different scanners to network CIDR ranges. During a scan, each asset in the CIDR range that you want to scan is dynamically associated with the correct scanner.

Question No: 38

A client has reached the maximum of 5000 EPS for their 3128 All-in-One appliance. They have just completed an acquisition of a competitor company and would like to get them on- board with collecting events for correlation in QRadar. It has been determined that the newly acquired company has a large number of log sources, and it is estimated that its total EPS will be approx. 22000 EPS.

What will meet the hardware requirements when changing to a distributed environment?

  1. 1605 Event Processor

  2. 1622 Event Processor

  3. 1624 Event Processor

  4. 1628 Event Processor

Answer: D Explanation:

QRadar Event Processor 1628, with a Basic Licence, can process 2500 events per second (EPS), and with Upgraded license it can process 40,000 events per second.

Question No: 39

A Deployment Professional has come on-site to upgrade a IBM Security QRadar SIEM V7.2.7 deployment to a new fix level. Before running the upgrade, the software and fix versions must be verified.

What must the Deployment Professional verify?

  1. Appliances in a deployment must be same version and same fix level.

  2. Appliances in a deployment could be different version and different fix level.

  3. Appliances in a deployment must be same version but fix level could be different.

  4. Appliances in a deployment could be different version but fix level must be the same.

Answer: A Explanation:

Software versions for all IBM Security QRadar appliances in a deployment must be same version and fix level. Deployments that use different QRadar versions of software are not supported.

References: IBM Security Qradar Version 7.2.7 Upgrade Guide, page 1 http://public.dhe.ibm.com/software/security/products/qradar/documents/7.2.7/en/b_qradar_ upgrade.pdf

Question No: 40

A Deployment Professional needs to store information in the IBM Security QRadar SIEM V7.2.7 asset database which is provided from the customer#39;s configuration management data base (CMDB). The CMDB provides a nightly dump of information like #39;Technical Owner#39; and 鈥淎sset weight#39; tied to an IP address.

Which integration mechanism with QRadar will allow this information to be maintained?

  1. Use REST-API calls with the /asset_model/assets/{asset_id} endpoint

  2. Upload the information in a CSV format using the #39;Import Assets#39; function

  3. Send syslog LEEF formatted identity events to the #39;Asset Profiler-2#39; log source

  4. Schedule the AXIS scanner to import a pre-formatted XML file with the required data

Answer: B Explanation:

You can import asset profile information.

The imported file must be a CSV file in the following format: p,name,weight,description

The import process merges the imported asset profiles with the asset profile information you have currently stored in the system.


References: http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/t_qradar_ug_ asset_import.html

100% Free Download!
Download Free Demo:C2150-614 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass C2150-614 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE