What is a benefit of using a span port, mirror port, or network tap as flow sources for QRadar?
A. These sources are marked with a current timestamp.
B. These sources show the ASN number of the remote system.
C. These sources show the username that generated the flow.
D. These sources include payload for layer 7 application analysis.

How does flow data contribute to the Asset Database?
A. Correlated Flows are used to populate the Asset Database.
B. It provides administrators visibility on how systems are communicating on the network.
C. Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.
D. It delivers vulnerability and ports information collected from scanners responsible for evaluating network assets.

While on the Offense Summary page, a specific Category of Events associated with the Offense can be investigated.
Where should a Security Analyst click to view them?
A. Click on Events, then filter on Flows
B. Highlight the Category and click the Events icon
C. Scroll down to Categories and view Top 10 Source IPs
D. Right Click on Categories and choose Filter on Network Activity

Which three pages can be accessed from the Navigation menu on the Offenses tab? (Choose three.)
A. Rules
B. By Category
C. My Offenses
D. By Event Name
E. Create Offense
F. Closed Offenses

When QRadar processes an event, it extracts normalized properties and custom properties.
Which list includes only Normalized properties?
A. Start time, Source IP, Username, Unix Filename
B. Start time, Username, Unix Filename, RACF Profile
C. Start time, Low Level Category, Source IP, Username
D. Low Level Category, Source IP, Username, RACF Profile

Which two actions can be performed on the Offense tab? (Choose two.)
A. Adding notes
B. Deleting notes
C. Hiding offenses
D. Deleting offenses
E. Creating offenses

What is the difference between an offense and a triggered rule?
A. Offenses are created every time a rule's tests are satisfied, but a rule may only trigger if the response limiter allows.
B. The first time a rule triggers, it will create an offense; after that, no new offense will be created for the same index type.
C. A rule will always trigger if its tests are satisfied, but an offense may only be created if the event magnitude is greater than 6.
D. An offense may be created or updated by a triggered rule, but a rule will always trigger when the tests are satisfied.

Which QRadar component stores and forwards events from local and remote log sources?
A. QRadar Data Node
B. QRadar Event Collector
C. QRadar Event Processor
D. QRadar Distributed Console

What is the correct procedure for closing an offense?
A. From the Offenses Tab, select the offense(s), click on Actions, select Close
B. From the Dashboard, select the offense(s) in question, right click and select Close
C. From the Offense Summary Page, click Display and select Close and select the reason
D. From the Offenses Tab, select the offense(s), right click on selection, select Close

Which QRadar add-on component can quickly retrace the step-by-step actions of an attacker?
A. QRadar Risk Manager
B. QRadar Flow Connector
C. QRadar Incident Forensics
D. QRadar Vulnerability Manager