P2150-870 Premium Bundle

Technical Sales Foundations for IBM Security Intelligence and Analytics V1 Certification Exam

Last update: November 21, 2024

IBM P2150-870 Free Practice Questions

Master the P2150-870 Technical Sales Foundations for IBM Security Intelligence and Analytics V1 content and be ready for exam day success quickly with this Passleader P2150-870 practice. We guarantee it! We make it a reality and give you real P2150-870 questions in our IBM P2150-870 braindumps. Latest 100% VALID IBM P2150-870 Exam Questions Dumps on the page below. You can use our IBM P2150-870 braindumps and pass your exam.

Online IBM P2150-870 free dumps demo below:

NEW QUESTION 1
Which is the most common format used to send event data to a SIEM?

  • A. JSON
  • B. LEEF
  • C. Syslog
  • D. NetFlow

Answer: D

NEW QUESTION 2
Which is a valid use case for QRadar Network Insights (QNI)?

  • A. Finding anomalies and behavior exceptions in event traffic volumes
  • B. Analyzing network traffic and finding document hashes from email attachments.
  • C. Discovering the network topology within the enterprise based on retrieving the firewall and router/switch rule sets.
  • D. Doing after-the-fact reconstruction of user web sessions, chat sessions, and documents, and finding relations between all these.

Answer: C

NEW QUESTION 3
What is the QRadar 14xx Data Node used for? It is used to:

  • A. offload Offense management tasks from a multi-tenant 31xx appliance.
  • B. provide a long term data backup store for 16xx, 17xx, 18xx and 31xx appliances.
  • C. provide additional storage and processing for 16xx, 17xx, 18xx and 31xx appliances.
  • D. run complex 'Machine Learning' style applications in the QRadar application framework.

Answer: B

NEW QUESTION 4
What does QRadar Network Insight (QNI) create?

  • A. An Offense from Events.
  • B. A demilitarized zone from Apple Airport data.
  • C. OSI Layer 7 packet from OSI Layer 3 flow information.
  • D. IPFIX records with deep security content from SPAN or TAP port data.

Answer: C

NEW QUESTION 5
How can QRadar Network Security improve security posture for companies? By using QRadar Network Security, companies can:

  • A. implement an application firewall.
  • B. perform event monitoring.
  • C. perform vulnerability scanning to detect vulnerabilities.
  • D. perform application control, SSL inspection, and disrupt advanced malware.

Answer: A

NEW QUESTION 6
What is the unique benefit of moving to QRadar on Cloud? Customers can now:

  • A. reduce future capital expense.
  • B. take advantage of QRadar Apps.
  • C. build much larger QRadar deployments
  • D. have access to additional device support modules.

Answer: B

NEW QUESTION 7
Which is a valid use case for implementing QRadar reference data collections?

  • A. Change all incoming events to add an additional field value.
  • B. Provide an index for all data (events and flow data) in real time.
  • C. Store hash values and test each incoming hash against this set
  • D. Speed up dashboard functions due to caching common widget data sets

Answer: C

NEW QUESTION 8
Which metrics are defined for the three virtual appliance system specifications (Minimum/Medium/High)? (Select 4)

  • A. NICs
  • B. IOPS
  • C. Memory
  • D. Storage
  • E. CPU cores/speed
  • F. Maximum Latency
  • G. Virtual Networks

Answer: ACEG

NEW QUESTION 9
Which QRadar Apps integrate with the User Behaviour Analytics App to enhance its detection capabilities?

  • A. QRadar Risk Manager and QRadar Network Security
  • B. QRadar Machine Learning App and Reference Data Import - LDAP
  • C. QRadar Asset Profiler App and Palo Alto Networks App for QRadar
  • D. QRadar Incident Remediation App and QRadar Artificial Analysis App

Answer: C

NEW QUESTION 10
Besides a QRadar Console, which additional types of appliance does a typical QRadar Incident Forensics deployment contain?
One or more QRadar Incident Forensics appliances, and:

  • A. one or more QRadar Event Collector appliances.
  • B. one or more QRadar QFlow Collector appliances.
  • C. one or more QRadar Vulnerability Scanner appliances
  • D. one or more QRadar Network Packet Capture appliances

Answer: A

NEW QUESTION 11
Which default Dashboard shows QRadar error messages?

  • A. Network Overview
  • B. System Monitoring
  • C. Application Overview
  • D. Threat and Security Monitoring

Answer: B

NEW QUESTION 12
What are the systems called which send events to QRadar?

  • A. Assets
  • B. Firewalls
  • C. Log Sources
  • D. Data Backups

Answer: D

NEW QUESTION 13
What does QRadar Incident Forensics do? QRadar Incident Forensics:

  • A. analyzes event data for an incident that is discovered by QRadar SIEM.
  • B. analyzes flow data for an incident that is discovered by a QRadar SIEM.
  • C. brings in the vulnerability data relevant for an incident that is discovered by QRadar SIEM.
  • D. aggregates the relevant network data for an incident that is discovered by QRadar SIEM.

Answer: A

NEW QUESTION 14
Assuming relevant indexing is enabled, which is the fastest way to search recent data in an ad-hoc manner?

  • A. AQL
  • B. Quick Filters
  • C. Quick Searches
  • D. Saved Searches

Answer: C

NEW QUESTION 15
Which is NOT an option for the deployment of the QRadar software?

  • A. Cloud
  • B. Virtual
  • C. Live CD/DVD
  • D. 3rd Party Appliance

Answer: A

NEW QUESTION 16
What do prospects typically care about for high level cyber use cases?

  • A. 1. Advanced Threats 2. Insider Threats 3. Securing the cloud 4. Critical Data Protection
  • B. 1. Best price for performance 2. Outside Threats 3. Patching ALL vulnerabilities found as soon as they are reported 4. Running a clean data center
  • C. 1. Having a proper time management system 2. Evacuation rule compliance 3. Making the sales target for the week 4. Speed of deployment and Time to value
  • D. 1. Having a good password change policy 2. Erasing documents which describe a recent data breach 3. Keeping up to date with Windows patch updates 4. Cleaning the BGP routing tables regularly

Answer: C

NEW QUESTION 17
In which use case can QRadar Vulnerability Manager be used to detect a particular vulnerability and assist in remediating?
QRadar Vulnerability Manager:

  • A. to patch systems for high risk vulnerabilities.
  • B. to analyze events from and to a known Botnet site.
  • C. to extract packets and reconstruct the network traffic session.
  • D. for searching which systems are vulnerable to a particular exploit and what Intrusion Preventions systems can be used to remediate it.

Answer: D

NEW QUESTION 18
......
