IBM Security Network Protection (XGS) V5.3.2 System Administration

Here you have the best IBM C2150-620 practice exam questions

You have 60 total questions to study from
Each page has 5 questions, making a total of 12 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 15, 2025
This site is not affiliated with or endorsed by IBM.

Question 1 of 60

A System Administrator has been seeing a lot of SSLv2-Weak_Cipher attacks reported on the network and wants to increase the severity of the events.
How can this be accomplished?

Modify the Threat Level of the signature.

Create an Incident in SiteProtector for SSLv2_Weak Cipher.

Modify the Event Log response for the Intrusion Preventions Object.

increase the X-Force Protection Level for the Intrusion Prevention Object.

Correct Answer:

Question 2 of 60

The System Administrator has discovered the XGS device is overloaded and is dropping legitimate traffic.
Which setting is likely responsible for this behavior?

Unanalyzed policy configuration

TCP resets- TCP reset interface

Fail Closed hardware bypass mode

LogDB response enabled on NAP rules

Correct Answer: A

Question 3 of 60

A System Administrator notices a large amount of bandwidth being used by one of the web application servers on an unexpected destination port.
Which method can the System Administrator use to review a sample of that traffic?

Add an event filter for the IP address in question and assign it a packet capture response.

Start a capture after adding filters specifying the source IP address and destination port.

Use the tcpdump command to generate a capture and specify the src host and dst port values.

Create an NAP rule specifying the source host address, web application, and a capture response.

Correct Answer: B

Question 4 of 60

A System Administrator needs to create a pcap capture file which contains the FTP traffic inspected by the XGS and therefore has enabled the FTP_Get signature in the Default IPS Object.
Which other action needs to be performed to ensure that the desired capture file is available in the Local Management interface (LMI) for this event only?

Select "Log With Raw" on the FTP_Get signature that was enabled.

Configure "Capture Connection" on the Response tab for the Default IPS Object.

Enable the tools>capture>pinterface from the command line filtering by FTP_Get event.

Configure "Capture Connection" on the Response tab for an IPS Event Filter Policy rule for FTP_Get event.

Correct Answer: A

Question 5 of 60

A Security Administrator want to block access to streaming video on a news website.
Which object should be used and how should it be configured?

Use an IP Reputation object with the streaming video option enabled.

Use a URL Category object with the News/Magazine category enabled.

Use a Web application object with the stream/download action for the website.

use a URL Category object with the News/Magazine category enabled and a Non-Web application with video streaming protocols.

Correct Answer: C