Most Recent C2150-612 Simulations For IBM Security QRadar SIEM V7.2.6 Associate Analyst Certification

Because all that matters here is passing the IBM C2150-612 exam, and all that you need is a high score on the C2150-612 IBM Security QRadar SIEM V7.2.6 Associate Analyst exam. The only thing you need to do is download the Examcollection C2150-612 exam study guides now. We will not let you down, and we offer a money-back guarantee.

Check C2150-612 free dumps before getting the full version:

NEW QUESTION 1
Which pair of options are available in the left column on the Reports Tab?

  • A. Reports and Owner
  • B. Reports and Branding
  • C. Reports and Report Grouping
  • D. Reports and Scheduled Reports

Answer: B

NEW QUESTION 2
Which device uses signatures for traffic analysis when deployed in a network environment to detect, allow, block, or simulated-block traffic?

  • A. Proxy
  • B. QRadar
  • C. Switch
  • D. IDS/IPS

Answer: D

NEW QUESTION 3
Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?

  • A. Add Filter
  • B. Asset Search
  • C. Quick Search
  • D. Advanced Search

Answer: D

Explanation:
References:
http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_ug_search_bar.

NEW QUESTION 4
Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short term events when compared against a longer time frame?

  • A. Outlier Rule
  • B. Anomaly Rule
  • C. Threshold Rule
  • D. Behavioral Rule

Answer: B

Explanation:
References:
http://www.ibm.com/support/knowledgecenter/en/SS42VS_7.2.7/com.ibm.qradar.doc/c_qradar_rul_anomaly_de

NEW QUESTION 5
What is a primary benefit of building blocks?

  • A. They can notify users of strange behavior.
  • B. They allow the execution of its test within all rules.
  • C. They generate new events into the pipeline before rules fire.
  • D. They allow for report results to be used in custom rules tests.

Answer: B

NEW QUESTION 6
What is a difference between Rule Actions and Rule Responses?

  • A. Rule Actions are executed when the Rule is Disabled; Rule Responses require the Rule to be Enabled.
  • B. Rule Actions are only available for Event and Flow Rules; Rule Responses are available for all Rules.
  • C. Rule Actions only directly affect the SIEM internally; Rule Responses may send information to external systems.
  • D. Rule Responses are always processed; Rule Actions may be throttled to ensure they are not executed too frequently.

Answer: C

NEW QUESTION 7
Which QRadar component provides Layer 7 visibility within a physical network infrastructure?

  • A. QRadar Data Node
  • B. QRadar Flow Analyzer
  • C. QRadar Flow Collector
  • D. QRadar VFlow Collector

Answer: D

NEW QUESTION 8
Where can event data be exported from for external analysis?

  • A. From the Offenses Tab, select the offense and right click, select export event data
  • B. From the list of events page, select actions and click export to XML or export to CSV
  • C. From the offense summary page, select actions and click on export to XML or export to CSV
  • D. From the Offenses Tab, select the offense, click on actions, select export to XML or export to CSV

Answer: C

NEW QUESTION 9
A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events, no successful exploits were detected.
Upon checking internal documentation, this activity was part of an expected penetration test which requires no immediate investigation.
How can the Security Analyst ensure results of the penetration test are retained?

  • A. Hide the offense and add a note with a reference to the penetration test findings
  • B. Protect the offense to not allow it to delete automatically after the offense retention period has elapsed
  • C. Close the offense and mark the source IP for Follow-Up to check if there are future events from the host
  • D. Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense

Answer: B

Explanation:
References:
http://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/c_qradar_Off_Retention.html

NEW QUESTION 10
A Security Analyst has noticed that an offense has been marked inactive.
How long had the offense been open since it had last been updated with new events or flows?

  • A. 1 day + 30 minutes
  • B. 5 days + 30 minutes
  • C. 10 days + 30 minutes
  • D. 30 days + 30 minutes

Answer: B

NEW QUESTION 11
A mapping of a username to a user’s manager can be stored in a Reference Table and output in a search or a report.
Which mechanism could be used to do this?

  • A. Quick Search filters can select users based on their manager’s name.
  • B. Reference Table lookup values can be accessed in an advanced search.
  • C. Reference Table lookup values can be accessed as custom event properties.
  • D. Reference Table lookup values are automatically used whenever a saved search is run.

Answer: B

NEW QUESTION 12
What is an example of how flow data provides more information than event data?

  • A. Represents a single event on the network
  • B. Automatically identifies and better classifies new assets found on a network
  • C. Performs near real-time comparisons of application data with logs sent from security devices
  • D. Represents network activity by normalizing IP addresses, ports, byte and packet counts, as well as other details

Answer: D

Explanation:
References:
http://www-01.ibm.com/support/docview.wss?uid=swg21682445

NEW QUESTION 13
Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)

  • A. Rules
  • B. By Category
  • C. My Offenses
  • D. By Event Name
  • E. Create Offense
  • F. Closed Offenses

Answer: ABC

NEW QUESTION 14
How is an event magnitude calculated?

  • A. As the sum of the three properties Severity, Credibility and Relevance of the Event
  • B. As the sum of the three properties Severity, Credibility and Importance of the Event
  • C. As a weighted mean of the three properties Severity, Credibility and Relevance of the Event
  • D. As a weighted mean of the three properties Severity, Credibility and Importance of the Event

Answer: C

NEW QUESTION 15
Which log source and protocol combination delivers events to QRadar in real time?

  • A. Sophos Enterprise console via JDBC
  • B. McAfee ePolicy Orchestrator via JDBC
  • C. McAfee ePolicy Orchestrator via SNMP
  • D. Solaris Basic Security Mode (BSM) via Log File Protocol

Answer: C

NEW QUESTION 16
What is the correct procedure for closing an offense?

  • A. From the Offenses Tab, select the offense(s), click on Actions, select Close
  • B. From the Dashboard, select the offense(s) in question, right click and select Close
  • C. From the Offense Summary Page, click Display and select Close and select the reason
  • D. From the Offenses Tab, select the offense(s), right click on selection, select Close

Answer: A

NEW QUESTION 17
Which QRadar component is designed to help increase the search speed in a deployment by allowing more data to remain uncompressed?

  • A. QRadar Data Node
  • B. QRadar Flow Processor
  • C. QRadar Event Collector
  • D. QRadar Event Processor

Answer: A

NEW QUESTION 18
Which set of information is provided on the asset profile page on the Assets tab in addition to ID?

  • A. Asset Name, MAC Address, Magnitude, Last user
  • B. IP Address, Asset Name, Vulnerabilities, Services
  • C. IP Address, Operating System, MAC Address, Services
  • D. Vulnerabilities, Operating System, Asset Name, Magnitude

Answer: C

Explanation:
References:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/c_qradar_ug_asset_su

NEW QUESTION 19
What is the primary goal of data categorization and normalization in QRadar?

  • A. It allows data from different kinds of devices to be compared.
  • B. It preserves original data allowing for forensic investigations.
  • C. It allows users to export data and import it into other systems.
  • D. It allows for full-text indexing of data to improve search performance.

Answer: A

NEW QUESTION 20
Where can a user add a note to an offense in the user interface?

  • A. Dashboard and Offenses Tab
  • B. Offenses Tab and Offense Detail Window
  • C. Offenses Detail Window, Dashboard, and Admin Tab
  • D. Dashboard, Offenses Tab, and Offense Detail Window

Answer: B

Explanation:
References:
IBM Security QRadar SIEM Users Guide. Page: 34

NEW QUESTION 21
Events and Flows both have multiple different timestamps available to them. Which timestamp is available to both events and flows?

  • A. End Time
  • B. Storage Time
  • C. First Activity Time
  • D. Last Activity Time

Answer: D

NEW QUESTION 22
What are two benefits of using a NetFlow flow source? (Choose two.)

  • A. They can include data payload
  • B. They can include router interface information.
  • C. They can include usernames involved in the flow.
  • D. They can include ASN numbers of remote addresses.
  • E. They can include authentication methods used to access the network.

Answer: BD

NEW QUESTION 23
What are two common uses for a SIEM? (Choose two.)

  • A. Managing and normalizing log source data
  • B. Identifying viruses based on payload MD5s
  • C. Blocking network traffic based on rules matched
  • D. Enforcing governmental compliance auditing and remediation
  • E. Performing near real-time analysis and observation of a network and its devices

Answer: AC

NEW QUESTION 24
......

P.S. Surepassexam is now offering 100% pass-guaranteed C2150-612 dumps! All C2150-612 exam questions have been updated with correct answers: https://www.surepassexam.com/C2150-612-exam-dumps.html (106 New Questions)