C2150-196 Exam Questions
135 real C2150-196 exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #101
What is required to configure users for successful external authentication?
- Question #102
When creating a behavioral rule in Automated Anomaly Analysis, which three components are weighted to determine the rule?
- Question #103
Which statement best describes the advantages of implementing NetFlow monitoring?
- Question #104
How are user permissions applied using Log Source groups?
- Question #105
This command provides what information when run from an IBM Security QRadar QFlow 1202 appliance: grep 'Sent.\ + flows' /var/log/qradar.log?
- Question #106
Which IBM Security QRadar SIEM V7.1 appliance types are designed to collect, process, and store log event messages?
- Question #107
How does the order of rule tests affect the ORE performance?
- Question #108
What step must be completed before searching restored data on a newly installed console?
- Question #109
Given that ICMP pings from all hosts are dropped, which rule(s) allows ICMP pings and responses only from and to host 10.35.100.23?
- Question #110
What must be provided when utilizing kickstart disks to install IBM Security QRadar SIEM V7.1 software on customer-supplied hardware?
- Question #111
Where is WinCollect configured as an Authorized Service?
- Question #112
Which search option is mandatory before producing a time series graph?
- Question #113
The ip_context_menu.xml file was edited in order to access additional details for selected IP addresses. Which service must be restarted for the changes to take effect?
- Question #114
What is the default download path directory where DSM, minor, and major updates are stored before being deployed?
- Question #115
Which IBM Security QRadar SIEM V7.1 DSM protocol supports the collection of Microsoft SMTP, OWA, and message tracking logs?
- Question #116
How are values mapped in a LSX to parse data from a payload for a UDSM?
- Question #117
After clicking on the Backup and Recovery button in the Admin tab, which three options are found in the Backup Archives page? (Choose three.)
- Question #118
What must be done in order to use the data present on the Log Activity screen for a report?
- Question #119
Which two items must be provided prior to the initial installation and configuration of an IBM Security QRadar SIEM V7.1 appliance? (Choose two.)
- Question #120
What must be done to enable High Availability (HA) disk synchronization?
- Question #121
Which Admin function enables system performance alerts?
- Question #122
How is a High Availability (HA) cluster installed from the Admin tab?
- Question #123
From the Dashboard view, the Compliance Overview dashboard > Login Failures by User (real-time) workspace is being reviewed. Which link provides more details about these events?
- Question #124
What happens to previously collected events when an event is mapped?
- Question #125
What are two ways an asset can be added to asset profiles? (Choose two.)
- Question #126
Why is coalescing important to a non-admin user?
- Question #127
What is an Offense Type?
- Question #128
Which statement is most accurate regarding the information that NetFlow provides?
- Question #129
Which SNMP protocol should be used when confidentiality, integrity, and authentication are required?
- Question #130
What two types of retention buckets are available in IBM Security QRadar SIEM V7.1? (Choose two.)
- Question #131
The last two digits of an appliance's type can be used to determine which capability?
- Question #132
A customer has indicated that Windows events must be collected without the use of agents. Which protocol should be selected in the Protocol Configuration when adding a Microsoft Win...
- Question #133
In the Offense Summary page, which field indicates if an attack was sudden or if the attack occurred over a long period of time?
- Question #134
Which four fields are used when importing assets from a CSV file?
- Question #135
A flow is always based on what?