IBM C2150-612 IBM Security QRadar SIEM V7.2.6 Associate Analyst Online Training
IBM C2150-612 Online Training
The questions for C2150-612 were last updated at Apr 16,2024.
- Exam Code: C2150-612
- Exam Name: IBM Security QRadar SIEM V7.2.6 Associate Analyst
- Certification Provider: IBM
- Latest update: Apr 16,2024
Where can a user add a note to an offense in the user interface?
- A . Dashboard and Offenses Tab
- B . Offenses Tab and Offense Detail Window
- C . Offenses Detail Window, Dashboard, and Admin Tab
- D . Dashboard, Offenses Tab, and Offense Detail Window
When might a Security Analyst want to review the payload of an event?
- A . When immediately after login, the dashboard notifies the analyst of payloads that must be investigated
- B . When “Review payload” is added to the offense description automatically by the “System: Notification” rule
- C . When the event is associated with an active offense, the payload may contain information that is not normalized or extracted fields
- D . When the event is associated with an active offense with a magnitude greater than 5, the payload should be reviewed, otherwise it is not necessary
Which key elements does the Report Wizard use to help create a report?
- A . Layout, Container, Content
- B . Container, Orientation, Layout
- C . Report Classification, Time, Date
- D . Pagination Option, Orientation, Date
How is an event magnitude calculated?
- A . As the sum of the three properties Severity, Credibility and Relevance of the Event
- B . As the sum of the three properties Severity, Credibility and Importance of the Event
- C . As a weighted mean of the three properties Severity, Credibility and Relevance of the Event
- D . As a weighted mean of the three properties Severity, Credibility and Importance of the Event
What is a benefit of using a span port, mirror port, or network tap as flow sources for QRadar?
- A . These sources are marked with a current timestamp.
- B . These sources show the ASN number of the remote system.
- C . These sources show the username that generated the flow.
- D . These sources include payload for layer 7 application analysis.
What is the primary goal of data categorization and normalization in QRadar?
- A . It allows data from different kinds of devices to be compared.
- B . It preserves original data allowing for forensic investigations.
- C . It allows for users to export data and import it into other system.
- D . It allows for full-text indexing of data to improve search performance.
Which set of information is provided on the asset profile page on the assets tab in addition to ID?
- A . Asset Name, MAC Address, Magnitude, Last user
- B . IP Address, Asset Name, Vulnerabilities, Services
- C . IP Address, Operating System, MAC Address, Services
- D . Vulnerabilities, Operative System, Asset Name, Magnitude
Which type of search uses a structured query language to retrieve specified fields from the events, flows, and simarc tables?
- A . Add Filter
- B . Asset Search
- C . Quick Search
- D . Advanced Search
When using the right click event filtering functionality on a Source IP, one can filter by “Source IP is not [*]”.
Which two other filters can be shown using the right click event filtering functionality? (Choose two.)
- A . Filter on DNS entry [*]
- B . Filter on Source IP is [*]
- C . Filter on Time and Date is [*]
- D . Filter on Source or Destination IP is [*]
- E . Filter on Source or Destination IP is not [*]
What is indicated by an event on an existing log in QRadar that has a Low Level Category of “Unknown”?
- A . That event could not be parsed
- B . That event arrived out of order from the original device
- C . That event was from a device that is not supported by QRadar
- D . That the event was parsed, but not mapped to an existing QRadar category
