IBM C2150-612 IBM Security QRadar SIEM V7.2.6 Associate Analyst Online Training
IBM C2150-612 Online Training
The questions for C2150-612 were last updated at May 11,2025.
- Exam Code: C2150-612
- Exam Name: IBM Security QRadar SIEM V7.2.6 Associate Analyst
- Certification Provider: IBM
- Latest update: May 11,2025
Which Anomaly Detection Rule type can test events or flows for volume changes that occur in regular patterns to detect outliers?
- A . Outlier Rule
- B . Anomaly Rule
- C . Threshold Rule
- D . Behavioral Rule
Given these default options for dashboards on the QRadar Dashboard Tab: Which will display a list of offenses?
- A . Network Overview
- B . System Monitoring
- C . Vulnerability Management
- D . Threat and Security Monitoring
What is an example of the use of a flow data that provides more information than an event data?
- A . Represents a single event on the network
- B . Automatically identifies and better classifies new assets found on a network
- C . Performs near real-time comparisons of application data with logs sent from security devices
- D . Represents network activity by normalizing IP addresses ports, byte and packet counts, as well as other details
What is a primary goal with the use of building blocks?
- A . A method to create reusable rule responses
- B . A reusable test stack that can be used in other rules
- C . A method to generate reference set updates without using a rule
- D . A method to create new events back into the pipeline without using a rule
Which two are top level options when right clicking on an IP Address within the Offense Summary page? (Choose two.)
- A . WHOIS
- B . Navigate
- C . DNS Lookup
- D . Information
- E . Asset Summary Page
Which three log sources are supported by QRadar? (Choose three.)
- A . Log files via SFTP
- B . Barracuda Web Filter
- C . TLS multiline Syslog
- D . Oracle Database Listener
- E . Sourcefire Defense Center
- F . Java Database Connectivity (JDBC)
Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)
- A . Rules
- B . By Category
- C . My Offenses
- D . By Event Name
- E . Create Offense
- F . Closed Offenses
What is a capability of the Network Hierarchy in QRadar?
- A . Determining and identifying local and remote hosts
- B . Capability to move hosts from local to remote network segments
- C . Viewing real-time PCAP traffic between host groups to isolate malware
- D . Controlling DHCP pools for segments groups (i.e. marketing, DMZ, VoIP)
An event is happening regularly and frequently; each event indicates the same target username. There is a rule configured to test for this event which has a rule action to create an offense indexed on the username.
What will QRadar do with the triggered rule assuming no offenses exist for the username and no offenses are closed during this time?
- A . Each matching event will be tagged with the Rule name, but only one Offense will be created.
- B . Each matching event will cause a new Offense to be created and will be tagged with the Rule name.
- C . Events will be tagged with the rule name as long as the Rule Response limiter is satisfied. Only one offense will be created.
- D . Each matching event will be tagged with the Rule name, and an Offense will be created if the event magnitude is greater than 6.
What is the difference between TCP and UDP?
- A . They use different port number ranges
- B . UDP is connectionless, whereas TCP is connection based
- C . TCP is connectionless, whereas UDP is connection based
- D . TCP runs on the application layer and UDP uses the Transport layer
