An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration backup files from the previous day to an off-site location.
What is the default location where these files can be found?
A. /store/backup
B. /store/exports
C. /store/postgres
D. /store/backupHost
What is needed to send the same events and flows to separate data centers or geographically separate sites and enable data redundancy in IBM Security QRadar SIEM V7.2.8?
A. A Flashcopy or GlobalMirror License.
B. A dark fibre network and proper configuration of the backup and recovery feature.
C. A load balancer or other method to deliver the same data to mirrored appliances.
D. Use the Backup and Recovery automation feature in QRadar and a dedicated fiber channel connection.
An Administrator working with an IBM Security QRadar SIEM V7.2.8 deployment needs to build an Ariel Query to find all flow data sent in the last 24 hours where the number of bytes sent and the number of bytes received are both larger than 64 bytes.
What Query needs to be used?
A. SELECT * FROM flows WHERE sourceBytes > 64 and destinationBytes > 64 LAST 1 DAY
B. SELECT * FROM flows WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAYS
C. SELECT * FROM flowsdata WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAY
D. SELECT * FROM flowsdata WHERE sourceBytes > 64 AND destinationBytes > 64 LAST 1 DAYS
What key point should be understood about how flow information in IBM Security QRadar SIEM V7.2.8 is used?
A. Flow information generates the response that is configured in the custom rule.
B. Flow information is sent to QRadar QFlow Collector which normalizes raw log source events.
C. Flow information is actively gathered from the QRadar Event Collector and provides views, reports and alerts to the administrator.
D. Flow information is used to detect threats and other suspicious activity that might be missed if only event information were tracked.
An IBM Security QRadar SIEM V7.2.8 Administrator has been retaining event data for compliance purposes. Data is no longer necessary and the administrator needs to delete a specific retention bucket. Where does the Administrator do this configuration?
A. Administrator needs to reset the SIM and purge the file system
B. Admin tab -> Data Sources -> Flow retention icon -> Select the flow retention bucket -> Delete
C. Admin tab -> Data Sources -> Event retention icon -> Select the event retention bucket -> Delete
D. Admin tab -> Data Sources -> Event or Flow retention -> Double-click the first empty row in the table -> Delete
When migrating the Console after restoring from an IBM Security QRadar SIEM V7.2.8 backup, what must be manually copied?
A. The Connection data and Topology data
B. The Policy Monitor questions and event or flow data
C. The QRadar Risk Manager device configurations and Topology data
D. The certificates, any custom generated private keys and event or flow data
Which is an officially supported web browser for managing IBM Security QRadar SIEM V7.2.8?
A. Safari
B. Vivaldi
C. Opera Netscape
D. Mozilla Firefox ESR
In which core functional layer of an IBM Security QRadar SIEM V7.2.8 architecture is data parsed and normalized?
A. Data Searches
B. Data Collection
C. Data Processing
D. Data Management
An Administrator has begun configuring the network hierarchy for a customer's deployment of IBM Security QRadar SIEM V7.2.8 and has already configured groups for network devices and network management devices, non-routable internal address space, DMZ and VPN.
Which additional item could be considered for configuration within the network hierarchy?
A. VoIP
B. Root DNS Servers
C. External trusted FQDNs
D. Routable external address spaces
An Administrator working with an IBM Security QRadar V7.2.8 deployment is looking to add Layer-7 visibility and data collection. The current deployment is running a QRadar 3128-C Console and has 8Gbps of network traffic.
What appliance solution would give this customer the results they are looking for?
A. Adding an additional QRadar 3128-C Console
B. Adding two QRadar QFlow Collector 1301 appliances
C. Adding a single QRadar QFlow Collector 1310 SR-C/LR-C
D. Adding two QRadar QFlow Collector 1301 appliances and one QRadar QFlow Collector 1202 appliance