C2150-195 Exam Questions
114 real C2150-195 exam questions with expert-verified answers and explanations. Page 1 of 3.
- Question #1
Which steps are required to see hidden offenses in IBM Security QRadar V7.0 MR4 (QRadar)?
- Question #2
Which method can be used to deliver log data to QRadar?
- Question #3
The only way QRadar can get asset information is by importing it from active scanners?
- Question #4
What are the two backup options available in Q1 Radar?
- Question #5
QRadar can accept data input from:
- Question #6
What must be done in order to save a search criteria as a quick search?
- Question #7
What are the three common fields on the Asset tab > VA Scan section? (Choose three.)
- Question #8
For any Dashboard workspace, which two methods can be used to zoom into any of the spikes in traffic? (Choose two.)
- Question #9
How does IBM Security QRadar V7.0 MR4 (QRadar) use the information from vulnerability scanners?
- Question #10
A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar...
- Question #11
When working with rules, why do some rules specify QID values and some specify events?
- Question #12
How is the real time streaming of payloads for events viewed?
- Question #13
What action must be taken to view reports related to PCI specifically?
- Question #14
What are three of the basic pre-built Dashboard Overview types? (Choose three.)
- Question #15
What are three regulatory reports standard in IBM Security QRadar V7.0 MR4? (Choose three.)
- Question #16
How can a user clear all filters and return to the default search in the Log Activity user interface?
- Question #17
When investigating an offense, how can a user gather information about the source IP address within IBM Security QRadar V7.0 MR4?
- Question #18
In the Offense Summary page, which field indicates if an attack was sudden or if the attack occurred over a long period of time?
- Question #19
What are two ways that asset profiles can be populated? (Choose two.)
- Question #20
Which four fields are used when importing assets from a CSV file?
- Question #21
A flow is always based on what?
- Question #22
In which two formats can a user export flow data from the Network Activity tab? (Choose two.)
- Question #23
What is an example of a correctly written single character wild card search term using the Quick Filter?
- Question #24
How can a user cancel a running report in IBM Security QRadar V7.0 MR4?
- Question #25
Which protocol can be used to send reports?
- Question #26
If a user wants to assign an incident to a particular user, which drop-down list would they select inside the Offense interface?
- Question #27
IBM Security QRadar V7.0 MR4 (QRadar) events that match a particular QRadar event rule are given a magnitude. This magnitude is a combination of which three factors?
- Question #28
Approximately how many default reports are included in IBM Security QRadar V7.0 MR4?
- Question #29
A flow is a sequence of packets that have which common characteristics?
- Question #30
By default how often is the information on the Dashboard refreshed?
- Question #31
When using the Quick Filter feature in the Network Activity tab, which character must be used in front of special characters to indicate that the character is part of the search te...
- Question #32
How can a user search to show only hosts with vulnerabilities?
- Question #33
What is required for a custom report to be generated?
- Question #34
Which option must be selected to view the results of previously run searches from the Log Activity tab?
- Question #35
What are three data types provided by right-clicking IP address > More Options list > Information menu? (Choose three.)
- Question #36
Which item in the IBM Security QRadar V7.0 MR4 interface provides a context sensitive help page which is available for any page, window, or section?
- Question #37
What is the difference between a report and a search in IBM Security QRadar V7.0 MR4?
- Question #38
What are three chart types included in the IBM Security QRadar V7.0 MR4 Dashboard? (Choose three.)
- Question #39
If an IBM Security QRadar V7.0 MR4 operator wants to make the log data view/search available as a Dashboard item, what specifically must be done with the saved log search?
- Question #40
What is used to parse an event (log record) in IBM Security QRadar V7.0 MR4?
- Question #41
Using the regex * (RecordNumber) = (. *?)\s', which capture group should be used to capture the digits?
- Question #42
Which flow direction would a user specify in order to see flows that are solely related to traffic that originates from the internal networks to external networks?
- Question #43
What is the Identity Information section used for?
- Question #44
Which column in the log activity displays the coalesced value?
- Question #45
When investigating an offense, what is the best option to gather information about the destination IP addresses within IBM Security QRadar V7.0 MR4?
- Question #46
Everyone involved in a forensic analysis is now convinced that account management events involving promotion of accounts to AD administrator groups must be reported on daily. What i...
- Question #47
An IBM Security QRadar V7.0 MR4 (QRadar) user has access to QRadar offenses. How do offenses appear in their My Offenses page?
- Question #48
How can a user display Raw events?
- Question #49
A user is complaining of slow traffic on a specific network segment. An administrator is investigating the source of the congestion using the IBM Security QRadar V7.0 MR4 (QRadar)...
- Question #50
Given the IBM Security Framework, IBM Security QRadar V7.0 MR4 fits into which two security domains? (Choose two.)