www.vceplus.com - Website designed to help IT pros advance their careers - Born to Learn
Selftestengine.C2150-400.64.QA
Number: C2150-400
Passing Score: 800
Time Limit: 120 min
File Version: 11.2
Exam A
QUESTION 1
Which option needs to be specified in the syslinux configuration file to reinstall an IBM QRadar appliance via serial port from a USB flash drive?

A. USB to serial
B. Default serial
C. Serial to USB
D. serial redirect
QUESTION 2
With a Data Deletion Policy of "When storage is required", data will remain in storage until which scenario is reached?

A. If used disk space reaches 88% for records and 85% for payloads.
B. If used disk space reaches 85% for records and 88% for payloads.
C. If used disk space reaches 85% for records and 83% for payloads.
D. If used disk space reaches 83% for records and 85% for payloads.

Correct Answer: C
Section: (none)

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2013_2/strm-admin-guide.pdf (page 85, see the table, 5th row, second column, first bulleted point)
QUESTION 3
Which two actions can be selected from the license drop-down in the System and License Management screen when working with a new license? (Choose two.)
C. Allocate license to system
D. Allocate system to license
E. Register system to license

Correct Answer: AC
Section: (none)

Explanation/Reference:
QUESTION 4
How frequently does the Automated Update Process run if configuration files are updated on the Primary, Deploy Changes is not performed, and the updates are made on the Secondary host through the Automated Update Process?

A. Every 10 minutes
B. Every 15 minutes
C. Every 30 minutes
D. Every 60 minutes

Correct Answer: D
Section: (none)

Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2010_0_R1/Admin_STRM.pdf (page 68, see the second note)
QUESTION 5
Which two are valid actions that a user can perform when monitoring offenses? (Choose two.)

A. Import offenses
B. Backup offenses
C. Restore offenses
D. Send email notifications
E. Hide or close an offense from any offense list
B. Only event data or flow data for the MH being restored will be restored to that MH.
C. Only data that was accumulated for reports and searches will be restored to the MH.
D. All data for all MHs for a specific time period is restored to its respective hosts in the deployment.

Correct Answer: B
Section: (none)

Explanation/Reference:
QUESTION 9
Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?

A. /opt/qradar/conf/
B. /opt/qradar/www
C. /opt/tomcat/conf/
D. /opt/qradar/webapps

Correct Answer: A
Section: (none)

Explanation/Reference:
Reference: QRadar 7.2.1 Administration Guide (QRadar_721_AdminGuide.pdf, page 90, see the table, last row, second column)
QUESTION 10
Which network monitoring port does Cisco NetFlow require to be configured in QRadar?
QUESTION 11
A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling the rule?
Which regular expression would you use to pull out the bytes field into a custom property?

A. \w+/\d+\s+(\d+)\s+
B. \w+/\d+\s+(\d+)\S+
C. \w+/\d+\S+(\d+)\s+
D. \w+/\D+\s+(\D+)\s+

Correct Answer: A
Section: (none)

Explanation/Reference:
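The sample payload this question refers to is not reproduced on the page, so the following is an added example (not part of the exam material, and not IBM's code) that runs the four candidate patterns against a constructed flow-style line with Python's `re` module standing in for the Java regex engine QRadar uses; for the tokens involved here (`\w`, `\d`, `\s`, `\S`, `\D`, capture groups) the two engines behave the same. The payload, the expected value "512" and the helper names `extract_property`, `evaluate_candidates` and `correct_options` are all assumptions made for the illustration.

```python
import re

# Constructed sample payload (not from the exam page): a flow-style line in which
# the byte count (512) is the whitespace-delimited token that follows "proto/port".
SAMPLE_PAYLOAD = "src=10.0.0.5 dst=10.0.0.9 tcp/443 512 packets=4 flags=S"

# The four candidate patterns from the question, keyed by option letter.
CANDIDATES = {
    "A": r"\w+/\d+\s+(\d+)\s+",
    "B": r"\w+/\d+\s+(\d+)\S+",
    "C": r"\w+/\d+\S+(\d+)\s+",
    "D": r"\w+/\D+\s+(\D+)\s+",
}


def extract_property(pattern: str, payload: str):
    """Behave like a regex-based custom property: return capture group 1 of the
    first match, or None when the pattern does not match the payload at all."""
    match = re.search(pattern, payload)
    if match is None or match.lastindex is None:
        return None
    return match.group(1)


def evaluate_candidates(payload: str, expected: str) -> dict:
    """Run every candidate against the payload and report, per option letter,
    the captured text and whether it equals the value expected for the bytes field."""
    results = {}
    for option, pattern in CANDIDATES.items():
        captured = extract_property(pattern, payload)
        results[option] = (captured, captured == expected)
    return results


def correct_options(payload: str, expected: str) -> list:
    """Option letters whose pattern captures exactly the expected value."""
    return [opt for opt, (_, ok) in evaluate_candidates(payload, expected).items() if ok]


if __name__ == "__main__":
    # Expected on the constructed payload: A -> '512', B -> '51', C -> '3', D -> None
    for option, (captured, ok) in evaluate_candidates(SAMPLE_PAYLOAD, "512").items():
        status = "OK" if ok else "WRONG"
        print(f"{option}: {CANDIDATES[option]!r:26} -> {captured!r:8} {status}")
```

Option B is the instructive one: it does match, so a test that only asks "did the regex match?" would pass, yet the trailing `\S+` forces the engine to backtrack and hand one digit over to it, truncating the capture to "51". Option C also matches, capturing "3" from the port number, and D never matches. When you validate a custom property before deploying it, assert on the captured value against known payloads rather than on whether a match occurred.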
QUESTION 16
Which Permission Precedence should be applied to the users' security profile, assuming the administrators only want the group to have access to Windows events and flows and not events from other networks?

A. No Restrictions
B. Log Sources Only
C. Networks OR Log Sources
D. Networks AND Log Sources
QUESTION 18
Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)

A. One log source must have one DSM.
B. One DSM must have many log sources.
C. One log source must have many DSMs.
D. One DSM can have only one log source.
E. One DSM can be used in many log sources.
C. Capture Filter
D. Flow Source Interface
E. Flow Retention Length

Correct Answer: AD
Section: (none)

Explanation/Reference:
QUESTION 22
A user of QRadar wishes to have a report showing the number of bytes per packet they see with their flows. The user decides to create a Custom Flow Property for this purpose.

Which type of custom property is required for this to be accomplished?

A. Regex Custom Property
B. Advanced Custom Property
C. Computation Custom Property
D. Calculation Based Custom Property

Correct Answer: D
Section: (none)

Explanation/Reference:
A calculation-based custom property derives a new numeric value from existing numeric properties (here, Source Bytes divided by Source Packets). A regex-based custom property can only extract text that already appears in the payload, so it cannot produce a per-packet ratio.
QUESTION 23
Which attribute is valid when defining the user roles to provide the necessary access?

A. Admin: System Administrator
B. Log Activity: View Custom Rules
C. Log Activity: Manage Time Series
D. Network Activity: Maintain custom Rules
Explanation/Reference:
QUESTION 24
You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system.

What will allow you to do this?

A. Add a Routing Rule that, under Current Filters, "Matches All Incoming Events"; under Routing Options, add a Forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.
B. Add a Routing Rule that, under Current Filters, "Matches All Incoming Events"; under Routing Options, add a Forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.
C. Add a Forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that, under Current Filters, "Matches All Incoming Events"; under Routing Options, select the Forwarding Destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.
D. Add a Forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a Routing Rule that, under Current Filters, "Matches All Incoming Events"; under Routing Options, select the Forwarding Destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

Correct Answer: C
Section: (none)

Explanation/Reference:
Forwarding destinations are created under Admin > Forwarding Destinations before a routing rule can reference them; the routing rule only selects from destinations that already exist, so options A and B describe a sequence the UI does not offer. A third-party syslog server needs the "Raw Event" format; the "Normalized Event" format is for destinations that understand QRadar's normalized records. 'Forward' sends each matching event to the destination and 'Drop' prevents it from being stored, while leaving 'Bypass Correlation' unselected keeps the events flowing through the CRE.
QUESTION 25
Which function allows a custom event property to be removed from a selected event?

A. Anomaly
B. Map Event
C. False Positive
D. Extract Property
Explanation/Reference:
QUESTION 26
Which two authentication methods for the QRadar User Interface are valid? (Choose two.)

A. SecurID
B. Digital Signatures
C. Password Authentication Protocol (PAP)
D. Remote Authentication Dial In User Service (RADIUS)
E. Terminal Access Controller Access-Control System (TACACS)

Correct Answer: DE
Section: (none)

Explanation/Reference:
QUESTION 27
Which three tasks can an administrator perform from the QRadar SIEM Reports tab? (Choose three.)

A. Brand reports
B. Ability to create custom reports
C. Ability to create custom compliance templates
D. Present statistics derived from source IP and destination IP
E. Present measurements and statistics derived from real time data
F. Present measurements and statistics derived from events, flows and offenses

Correct Answer: BDF
Section: (none)

Explanation/Reference:
QUESTION 28
What type of users can view all reports that are created by other users?
QUESTION 29
What does the message in the System Notification widget on the Dashboard "Disk sentry: System disk usage back to normal levels." tell you?

A. One of your file systems has been reduced to below 92%.
B. One of your file systems has been reduced to below 95%.
C. One of your file systems has been reduced to below 98%.
D. One of your file systems has been reduced to below 90%.
QUESTION 30
A QRadar administrator is sizing a distributed deployment. The deployment has approximately 2 million flows per minute (FPM) and needs at least 7 terabytes of storage.

Which architecture is correct?

A. One 1724 flow processor
B. One 1705 flow processor
A. Create a Custom Event Property to parse the second IP in the payload. From the Log Source configuration for the above event, choose "add to reference set" and select your reference set.
B. From the Reference Set Management screen, select "create reference set from Log Source Event". Pick the Log Source from the drop-down. Pick the Event Name from the drop-down.
C. From the Reference Set Management screen, select "create reference set from Log Source Event". Pick the Log Source from the drop-down. Pick the Custom Event Property from the drop-down.
D. Create a Custom Event Property to parse the second IP in the payload. Create a rule that tests for events from the Log Source that is collecting the above event, and for Rule Response add the Custom Event Property to the Reference Set.

Correct Answer: A
Section: (none)

Explanation/Reference:
QUESTION 33
Which functionality of QRadar provides the ability to collect, understand, and properly categorize events from external sources?

A. Log sources
B. Flow sources
C. Syslog sources
D. External sources
A. There are events coming from IP 127.0.0.1 that cannot be autodiscovered and a Log Source Created
B. There are events coming from IP 192.168.2.90 that cannot be autodiscovered and a Log Source Created
C. There are events coming from IP 172.16.77.25 that cannot be autodiscovered and a Log Source Created
D. There are events coming from hostname red6.color.com that cannot be autodiscovered and a Log Source Created

Correct Answer: C
Section: (none)

Explanation/Reference:
QUESTION 37
Which two proxy options are required to be set when using a Proxy Server for Auto Updates in QRadar? (Choose two.)

A. Proxy Type
B. Proxy Name
C. Proxy Schedule
D. Proxy Server URL
E. Proxy Port number

Correct Answer: BD
Section: (none)

Explanation/Reference:
QUESTION 38
What does Server Discovery allow the QRadar administrator to do?

A. Discover
B. Define rules for hosts
C. Create host searches
D. Populate host definition building blocks
Explanation/Reference:
Reference: http://www.juniper.net/techpubs/software/management/strm/2010_0_R1/Admin_STRM.pdf (page 21, see the table, first row, second column, second bulleted point)
QUESTION 39
The following message is displayed in the System Notification widget on the Dashboard:

Which script should be run to help determine the cause of the dropped events?

A. /opt/qradar/support/dumpGvData.sh
B. /opt/qradar/support/dumpDSMInfo.sh
C. /opt/qradar/support/cleanAssetModel.sh
D. /opt/qradar/support/findExpensiveCustomRules.sh

Correct Answer: D
Section: (none)

Explanation/Reference:
QUESTION 40
What is used to collect NetFlow and J-Flow traffic in a QRadar distributed deployment?
QUESTION 43
A mail server typically communicates with 50 hosts per second in the middle of the night and then suddenly starts communicating with 1,000 hosts per second. The administrator wants to get an email alert whenever this situation is observed.
Correct Answer: D
Section: (none)

Explanation/Reference:
Reference: http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.1/com.ibm.qradar.doc_7.2.1/c_qradar_adm_netflow.html (second paragraph, first sentence)
QUESTION 46
How do you view Raw Events on the Log Activity tab?

A. Select "Raw Events" from the View list box
B. Select "Raw Events" from the Actions list box
C. Select "Raw Events" from the Display list box
D. Select "Raw Events" from the Quick Searches list box
Explanation/Reference:
QUESTION 48
What is the result of adding host definition building blocks to QRadar?

A. Creates offenses
B. Reduces false positives
C. Makes searches run faster
D. Authorizes QRadar services

Correct Answer: B
Section: (none)

Explanation/Reference:
QUESTION 49
Which configuration window defines the maximum number of TCP syslog connections?

A. Log Sources
B. System Settings
C. Console Settings
D. Deployment Editor

Correct Answer: D
Section: (none)

Explanation/Reference:
QUESTION 50
Which line color inside the Deployment Editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?
D. Yellow

Correct Answer: D
Section: (none)

Explanation/Reference:
QUESTION 51
A QRadar SIEM administrator wants to create a Flow Rule that includes a building block (BB) definition covering applications that indicate communication with file sharing sites. In which group will the administrator find this building block?

A. Policy
B. Host Definitions
C. Network Definition
D. Category Definitions

Correct Answer: B
Section: (none)

Explanation/Reference:
QUESTION 52
Which character is used for naming subgroups when using the Add Group option in the Network Hierarchy editor?

A. + (plus)
B. . (period)
C. \ (backslash)
D. / (forward slash)
QUESTION 53
There are unknown log records from unsupported security device events in the Log Activity tab. You are planning to write an LSX for an unsupported security device type based on the Universal DSM (UDSM). What is the file format and payload option for exporting the unknown log records?

A. XLS and full export
B. CSV and full export
C. XML and visible column
D. PDF and visible column

Correct Answer: C
Section: (none)

Explanation/Reference:
QUESTION 54
Which command will install the patch after mounting the patch file?

A. /media/updates/setup
B. /media/updates/installer
C. /media/updates/setup -patch
D. /media/updates/installer -patch

Correct Answer: B
Section: (none)

Explanation/Reference:
The patch file (.sfs) is mounted on /media/updates and the patch is applied by running /media/updates/installer; there is no setup script and no -patch flag.
QUESTION 56
Which two search filters are available on the QRadar console while making an asset search? (Choose two.)

A. PCI Severity, NERC Severity
B. Vulnerability CVSS Base Score, Vulnerability Risk Score
C. Vulnerability on Open Port, Vulnerability on Open Service
D. Vulnerability on Open Port, Vulnerability External Reference
E. Vulnerability on Source Port, Vulnerability on Destination Port

Correct Answer: BE
Section: (none)

Explanation/Reference:
QUESTION 57
Which default flow source is included in QRadar SIEM?
QUESTION 58
You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log Source Type GenericDSM and the correct Log Source Event ID.

What is the next step in this process?

A. Create the high level and low level categories from the Map ID action
B. Map the custom log records to your own custom high level and low level categories
C. Create the high level and low level categories from the Rules section in the Offenses tab
D. Run the qidmap.pl script to create high level and low level categories from the command line

Correct Answer: D
Section: (none)

Explanation/Reference:
QUESTION 59
In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)

A. Top 5 Source IPs section
B. Click on Display > Sources
C. Click on Display > Destinations
D. Click on the Event/Flow Count field's Events link
E. Click on the Events button in the Last 10 Events section

Correct Answer: BD
Section: (none)

Explanation/Reference:
QUESTION 60
Which tab in the QRadar web console allows flows to be monitored and investigated?