What does it mean if events are coming in as stored?
A. The events are not mapped to an existing QID map.
B. The events are being captured and parsed by a DSM.
C. The events are being captured but not being parsed by a DSM.
D. The events are being stored on disk and will be parsed by a DSM later.
How can a report be set up with restricted user access?
A. Click Reports > Restrict Users
B. Click on Manage Groups and add the user to the Restricted Reports group
C. Select the appropriate users on the Report Editing wizard to access the reports
D. Click Admin > Users, edit each user, and create lists of report filters users are allowed to see
On the Offense summary page, which filter is executed when the Events icon or the link with the number of events is clicked?
A. An event filter with all events matching the source IP address
B. An event filter with all events matching the destination IP address
C. An event filter with the Custom Rule Engine rule(s) for the last 24 hours
D. An event filter with the Custom Rule Engine rule(s) for the duration of the offense
An IBM Security QRadar V7.0 MR4 report can be generated into which three formats? (Choose three.)
A. XLS
B. PDF
C. CSV
D. DOC
E. JPEG
F. HTML
What effect does the Offense Retention period have on closed offenses and who can modify this period?
A. The Offense Retention period determines how long a closed offense will be kept in the database before it is deleted. The only person who can modify this period is an IBM Security QRadar V7.0 MR4 (QRadar) admin.
B. Once an offense is closed, any other QRadar user will be able to open it again for the time given by the Offense Retention period. The person who closes an offense is also the person who determines the offense retention period of the closed offense.
C. The offense retention period has no effect on closed offenses. A closed offense is the same as a deleted offense, and offenses that are deleted do not have a retention time. Only QRadar admins can change the offense retention period because it is found in the Admin tab.
D. The offense retention period has no effect on the closed offenses but only on offenses under evaluation. While the QRadar magistrate evaluates and correlates offenses, it may rely on the life span of an offense. Everyone who can create QRadar rules can modify the offense retention period.
Which two tasks can be performed from the Assets tab? (Choose two.)
A. Edit asset severity
B. Clear vulnerabilities
C. Manually add asset profiles
D. Search assets that match specific attributes
E. Show which offenses an asset has been involved with
What is the main difference between a QFlow record and a NetFlow-capable router or switch?
A. QFlow can be used to trigger an alert.
B. QFlow cannot capture the communication payload.
C. QFlow can also be viewed in the Event Viewer window.
D. QFlow and vFlow can capture the communication payload.
Approximately how many default reports are included in IBM Security QRadar V7.0 MR4?
A. 100
B. 500
C. 1,000
D. 1,500
How can a user display Raw events?
A. View drop-down > Raw Events
B. Action menu > View Raw Events
C. Display drop-down > Raw Events
D. Right-click on the events > View Raw Events
On the Offenses tab, which option displays offenses by access, exploit, or malware?
A. By Rules
B. By Category
C. By Definition
D. By Source IP