IBM C2150-400 - IBM Security QRadar SIEM Implementation v 7.2.1 Exam

Question #6
What is the easiest method to populate host definition building blocks?
A. Setup Rules B. Server Discovery C. Authorized Services D. Manually Define Building Blocks
Answer: A

Question #7
The current settings for QFlow do not capture enough payload.
How would you change the packet capture size?
A. Console B. Command line C. System settings D. Deployment editor
Answer: B

Question #8
Which character is used for naming subgroups when using the option Add Group in the
Network Hierarchy editor?
A. + (plus) B. . (period) C. \ (backslash) D. / (forward slash)
Answer: B

Question #9
Which user account in the QRadar host must be used to configure offboard storage?
A. Root B. Admin C. Storage D. Administrator
Answer: A

Question #10
A mail server typically communicates with 50 hosts per second in the middle of the night
and then suddenly starts communicating with 1,000 hosts a second. The administrator
wants to get an email alert whenever this situation is observed.
Which type of rule should an administrator create to monitor this situation?
A. Flow Rule B. Anomaly Rule C. Threshold Rule D. Behavioral Rule
Answer: C
Total 175 questions