IBM Braindumps

Real Exam Questions Dumps With Their Answers

C2150-614 Dumps


You can pass easily using C2150-614 dumps. We keep posting these C2150-614 exam questions and answers on this site regularly. Some search words are C2150-614 braindumps, past papers, study material and C2150-614 dumps. Pass your exam using C2150-614 exam questions. Passing guarantee.

C2150-614 | A customer has existing complex network infrastructure…

Question: 5

A customer has existing complex network infrastructure with many redundant links and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure SFlow. What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?

A. Enable flow forwarding
B. Disable flow forwarding
C. Enable asymmetric flows
D. Disable symmetric flows

Answer: C

Explanation:

In some networks, traffic is configured to take alternate paths for inbound and outbound traffic. This routing is called asymmetric routing. However, if you want to combine flows from multiple QRadar QFlow Collector components, you must configure flow sources in the Asymmetric Flow Source Interface(s) parameter in the QRadar QFlow Collector configuration. The Yes option enables the QRadar QFlow Collector to recombine asymmetric flows. The No option prevents the QRadar QFlow Collector from recombining asymmetric flows.

C2150-614 | Which two permissions are required to modify…

Question: 4

Which two permissions are required to modify custom properties? (Choose two.)

A. Maintain Custom Rules
B. Normalized Event Properties
C. User Defined Flow Properties
D. User Defined Event Properties
E. Normalized Flow Properties

Answer: C,D

C2150-614 | A Deployment Professional has created a new Building…

Question: 3

A Deployment Professional has created a new Building Block (BB), and it’s not returning any expected events. The Deployment Professional has checked to ensure the BB is enabled and active. No errors are returned. What should be done to correct this BB problem?

A. Add your new custom BB to the “System: Load Building Blocks” rule
B. Ensure that the BB has been set to “use” and a Deploy Full Configuration was done
C. Make sure that you use “Global System” so that all of the QRadar deployment uses it
D. Manually enter in all QIDs of the events it will monitor so it will automatically be used

Answer: A

Explanation:

Note: Question: Will a building block of Type: Common work when added to ‘System: Load Building Blocks’?

Answer:

The rule System: Load Building Blocks is an Event-only rule. If a building block is created from Type: Common, which includes both Events and Flows, and is then added to the System: Load Building Blocks rule, it will load, but will only reflect Event offenses and not Flow offenses. Flow offenses can be triggered when using Flow rules, which are then bound to the building block used in a Flow rule.

C2150-614 | Which task can be completed…

Question: 2

Which task can be completed by using the Historical Correlation feature?

A. Generating weekly reports on a new offense rule
B. Using a new custom rule to create a quick search
C. Investigating previously closed offenses generated by a custom rule
D. Testing a new offense rule against data that was previously captured

Answer: C

C2150-614 | After creating a custom Log Source…

Question: 1

After creating a custom Log Source Extension to parse a Source IP address from this event snippet ‘IP Address: (10.20.30.40)’, the Source IP is not being extracted from the payload. The Log Source Extension is showing the following:
IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Which Regular Expression should be used to ensure the Source IP is parsed properly?

A. IP\sAddress\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\)
B. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}))
C. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\)
D. IP\sAddress:\s\((\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{13})\)

Answer: B