What does QRadar use to group the event or flow according to the network?
A. Network mapping
B. Network hierarchy
C. Application mapping
D. Application hierarchy
Which attribute is valid when defining the user roles to provide the necessary access?
A. Reports: Maintain Templates
B. Network Activity: View Custom Rules
C. Network Activity: Manage Time Series
D. Log Activity: User Defined Event Properties
What is required to allow authentication to work properly when using a vendor authentication module like Active Directory?
A. Authentication Bind password
B. An SSH tunnel between QRadar and the authentication server
C. QRadar and the authentication server must be on the same subnet
D. Time Synchronization between QRadar and the authentication server
An off-site source can be connected to which component?
A. QFlow
B. Event Collector
C. Flow Processor
D. Event Processor
Which three user-defined parameters contribute to the calculation of the Common Vulnerability Scoring System (CVSS) score on the QRadar Assets tab? (Choose three.)
A. Severity Requirement
B. Security Requirement
C. Capacity Requirement
D. Availability Requirement
E. Confidentiality Requirement
F. Collateral Damage Potential
Assuming a Squid Proxy has logs in the following format:
time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type
And these are some sample logs from the Squid server:
1286536310.075 452 192.168.0.227 TCP_MISS/200 5067 GET http://www.test.com/vi/VfnuY/default.jpg DIRECT/10.20.153.118 image/jpeg
1286536310.524 935 192.168.0.68 TCP_MISS/200 1021 POST http://www.test.com/services DIRECT/172.16.41.128 application/xml
1286536310.550 495 192.168.0.227 TCP_MISS/204 406 GET http://test.com/get_video? DIRECT/10.12.231.1.136 text/html
1153239176.287 632 172.16.10.92 TCP_IMS_HIT/304 215 GET http://www.test.com/index.html - NONE/- text/html
Which regular expression would you use to pull out the bytes field into a custom property?
A. \w+/\d+\s+(\d+)\s+(POST|GET)
B. \w+/\d+\S+(\d+)\S+(POST|GET)
C. \w+/\d+\s+(\d+)\s+^(POST|GET)
D. \W+/\D+\D+(\D+)\D+(POST|GET)
Which scanners report vulnerabilities on all ports? (Choose two.)
A. Axis
B. NMap
C. Qualys
D. tcpdump
E. nCircle IP360
Which operating system is supported for creating a bootable flash drive for recovery?
A. Cisco IOS
B. Sun Solaris
C. Debian Linux
D. MS Windows Vista
Which icon on the Admin tab do you select when setting up QRadar to use an external authentication method?
A. Users
B. Authentication
C. System Settings
D. Authorized Services
A customer is observing the Asset tab on the QRadar console and is getting duplicate assets in the console.
What is the reason for this asset duplication?
A. There are multiple heterogeneous assets present in the environment.
B. There are multiple assets with the same configuration details present in the environment.
C. QRadar creates duplicate assets after a specific periodic interval without considering asset activity or inactivity.
D. The asset did not appear on the network for a specific time period; when it came back, QRadar detected it and created a new asset for it.