IBM C2150-614 - IBM Security QRadar SIEM V7.2.7 Deployment Exam

Question #1 (Topic: )
How can a Deployment Professional fix rules that are not distinguishing between remote
and local hosts?
A. Configure the NetFlow
B. Create a Reference Set
C. Configure the VA Scanners
D. Create the Network Hierarchy
Answer: D
Question #2 (Topic: )
A Deployment Professional was asked to investigate the following error:
Custom Rule Engine has detected a total of 20487 dropped event(s). 20487 event(s) were
dropped in the last 62 seconds. Queue is at 99 percent capacity
The Deployment Professional needs to run the command
/opt/qradar/bin/findExpensiveCustomRules.sh to gather the necessary troubleshooting
logs.
When should this command be run?
A. Right after a reboot
B. Run “service hostcontext restart” first
C. While the system is dropping events
D. Restart ECS, then run command
Answer: C
Question #3 (Topic: )
A Deployment Professional is reviewing a custom rule that is supposed to be catching
internal users that might be leaking information. The customer has requested that events
that are being used for this rule have the email address of the sender.
This information is in the payload in the format email from: [email protected] subject:
Which regular expression should be used to create a custom property to fulfill this request?
A. \d(.+@[^\.].*\.[a-z]{2,})\d
B. \b(.+@[^\.].*\.[a-z]{2,})\b
C. ^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}
D. [A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$
Answer: B
Question #4 (Topic: )
A Deployment Professional is working with a customer running an IBM Security QRadar
SIEM V7.2.7 installation that is currently running into performance issues. The customer is
noticing that searches are taking a long time to finish and there are performance
degradation system notifications in the Console.
Which two steps will lead to a performance increase for this customer? (Choose two.)
A. Disable indexes that don't have a % of searches using this index of 20% or higher for the last seven days
B. Disable indexes that don't have a % of searches using this property of 10% or higher for the last 24 hours
C. Search for indexes which are enabled but have a % of searches using property that is zero, disable those indexes
D. Enable indexes that have a % of searches using this property higher than 10% and also % of searches missing this index greater than 10%
E. Search for indexes which are disabled but have a % of searches using property above 30% and also % of searches missing index is above 30% and enable them
Answer: C,E
Question #5 (Topic: )
A current banking customer has just expanded by purchasing a small rural bank with a low
bandwidth WAN connection.
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to
capture log events from the newly acquired branch and to forward them on a schedule,
after hours during the trough of activity to the main branch. There is plenty of room for this
additional EPS growth.
Which device will meet the requirements?
A. 1202 QFlow Collector
B. 1400 Data Node
C. 1501 Event Collector
D. 1605 Event Processor
Answer: D
Total 60 questions