IBM C2150-612 Exam Questions

Question 6 of 54

When using the right click event filtering functionality on a Source IP, one can filter by "Source IP is not [*]".
Which two other filters can be shown using the right click event filtering functionality? (Choose two.)

Filter on DNS entry [*]

Filter on Source IP is [*]

Filter on Time and Date is [*]

Filter on Source or Destination IP is [*]

Filter on Source or Destination IP is not [*]

Correct Answer: B, D

Question 7 of 54

What is indicated by an event on an existing log in QRadar that has a Low Level Category of "Unknown"?

That event could not be parsed

That event arrived out of order from the original device

That event was from a device that is not supported by QRadar

That the event was parsed, but not mapped to an existing QRadar category

Correct Answer: D

Question 8 of 54

A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events no successful exploits were detected.
Upon checking international documentation, this activity was part of an expected penetration test which requires no immediate investigation.
How can the Security Analyst ensure results of the penetration test are retained?

Hide the offense and add a note with a reference to the penetration test findings

Protect the offense to not allow it to delete automatically after the offense retention period has elapsed

Close the offense and mark the source IP for Follow-Up to check if there are future events from the host

Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense

Correct Answer: B

Question 9 of 54

Which list is only Rule Actions?

Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.

Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.

Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.

Modify Severity; Send to Forwarding Destinations; Drop the Detected Event; Ensure the detected event is part of an offense.

Correct Answer: A

Question 10 of 54

What are the two available formats for exporting event and flow data for external analysis? (Choose two.)

XML

DOC

PDF

CSV

HTML

Correct Answer: A, D