C2150-400 Exam Questions
75 real C2150-400 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
The following message is displayed in the System Notification Widget on the Dashboard: Which script should be run to help determine the cause of the dropped events?
- Question #2
What is used to collect netflow and jflow traffic in a QRadar Distributed Deployment?
- Question #3
Which string creates a network hierarchy group called MailServers inside a group called DMZ?
- Question #4
What will the transfer rate be for a value of 0 when configuring event forwarding from an event collector to an event processor?
- Question #5
How would an IBM Security QRadar administrator know if asymmetric superflows are enabled?
- Question #6
Which two actions can be selected from the license drop-down in the system and license management screen when working with a new license? (Choose two.)
- Question #7
How frequently does the Automated Update Process run if Configuration files are updated on Primary and then Deploy Changes is not performed, and the updates are made on the Seconda...
- Question #8
What two are valid actions that a user can perform when monitoring offenses? (Choose two.)
- Question #9
What is a valid QVM scan status?
- Question #10
Which NetFlow versions does QRadar SIEM support?
- Question #11
How do you view Raw Events on the Log Activity tab?
- Question #12
There is a requirement at the customer site to double the default QFlow Maximum Content Capture size. What would be the resulting packet size?
- Question #13
What is the result when adding host definition building blocks to QRadar?
- Question #14
What is used to collect netflow and jflow traffic in a QRadar Distributed Deployment?
- Question #15
What will be restored when restoring event data or flow data for a particular period to a MH?
- Question #16
Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?
- Question #17
Which network monitoring port does Cisco NetFlow require to be configured in QRadar?
- Question #18
A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the envi...
- Question #19
Which operating system is supported for creating a bootable flash drive for recovery?
- Question #20
Which three graph types are available for QRadar Log Manager reports? (Choose three.)
- Question #21
Which line color inside the deployment editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?
- Question #22
A QRadar SIEM administrator wants to create a Flow Rule that includes a building block definition (BB) that includes applications that indicate communication with file sharing sites....
- Question #23
Which character is used for naming subgroups when using the option Add Group in the Network Hierarchy editor?
- Question #24
Which expression imports all xml files in the report directory if the administrator is configuring a Nessus Scanner?
- Question #25
Which two file systems does QRadar support for offboard storage partitions? (Choose two.)
- Question #26
Assuming a Squid Proxy has logs in the following format: Time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type And these are some sample logs from a S...
- Question #27
Which Permission Precedence should be applied to the users security profile assuming the administrators only want the group to have access to Windows events and flows and not event...
- Question #28
On the QRadar console you have received notification that CVE ID: CVE-2010-000 is being actively used. What search parameter should you select from the list of search parameters in...
- Question #29
Which two statements are true regarding QRadar Log Sources and DSMs? (Choose two.)
- Question #30
What are the two expected Host Statuses after HA setup if the initial synchronization is complete? (Choose two.)
- Question #31
Which default flow source is included in the QRadar SIEM?
- Question #32
You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log source type GenericDSM and the cor...
- Question #33
In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)
- Question #34
Which tab in the QRadar web console allows flows to be monitored and investigated?
- Question #35
An off-site source can connect to which component?
- Question #36
Which two fields are required to be filled out when adding a new network to the network hierarchy? (Choose two.)
- Question #37
A user of QRadar wishes to have a report showing the number of bytes per packet they see with their flows. The user decides to create a Custom Flow Property for this application. Whi...
- Question #38
Which attribute is valid when defining the user roles to provide the necessary access?
- Question #39
Which configuration window defines the maximum number of TCP syslog connections?
- Question #40
A customer has log files from Windows-based systems and wants to push those logs to the QRadar console. What options should the customer use in WinCollect to collect and forward thes...
- Question #41
What is the minimum bandwidth needed between the primary and secondary HA host?
- Question #42
Which directory from the QRadar host can be moved to offboard storage?
- Question #43
You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not s...
- Question #44
When resetting the tuning template to system defaults, what happens to any applied custom changes?
- Question #45
When scheduling a scan what is affected by the use of the Potency option?
- Question #46
Which three tasks can an administrator perform from the QRadar SIEM reports tab? (Choose three.)
- Question #47
What type of users can view all reports that are created by other users?
- Question #48
What does the message in the System Notification Widget on the Dashboard "Disk sentry: System disk usage back to normal levels." tell you?
- Question #49
A QRadar administrator is sizing a distributed deployment. The deployment has approximately 2 million flows per minute (FPM) and needs at least 7 terabytes of storage. Which archit...
- Question #50
A customer has a requirement to integrate with QRadar to capture events coming from IBM DB2. Which protocol should an administrator use to integrate Log Enhanced Event format (LEEF)...