C2150-624 Online Practice Questions and Answers

An IBM Security QRadar SIEM V7.2.8 Administrator assigned to a company that is looking to add QRadar into their current network. The company has requirements for 250,000 FPM, 15,000 EPS and FIPS. Which QRadar appliance solution will support this requirement?

A. QRadar 3128-C with Basic License

B. QRadar 2100-C with Basic License

C. QRadar 3128-C with Upgraded License

D. QRadar 2100-C with Upgraded License

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration

backup files from the previous day to an off-site location.

What is the default location where these files can be found?

A. /store/backup

B. /store/exports

C. /store/postgres

D. /store/backupHost

What data is purged by the SIM reset process "Hard Clean" in IBM Security QRadar SIEM V7.2.8?

A. All current and historical SIM data.

B. All historical SIM data, current SIM data is retained.

C. All SIEM data, a complete reconfiguration is required.

D. All source and destination IP addresses are purged, all offenses in the database are closed.

A retention policy allows an IBM Security QRadar SIEM V7.2.8 Administrator to define how long the system is required to keep certain types of data and what to do when data reaches a certain age. If a 3month retention policy is defined for all events, then the system will not delete event data until it's on disk timestamp is 3 months in the past. Which two choices are available in the `delete data in this bucket'? (Choose two.)

A. When the index is full

B. Upon reboot of the system

C. When storage space is required

D. When performance is heavily affected

E. Immediately after retention period has expired

An Administrator is tasked with installing additional log sources into an IBM Security QRadar SIEM V7.2.8

deployment, bringing the total number of log source to 900. The deployment is using the default license

and the Administrator is getting an error attempting to add these additional log sources.

Why is this error happening?

A. The default license only allows 250 log sources.

B. The default license only allows 500 log sources.

C. The default license only allows 750 log sources.

D. The default license only allows 800 log sources.

During the IBM Security QRadar SIEM V7.2.8 installation, which two default user roles are defined? (Choose two.)

A. All

B. Any

C. Admin

D. SuperUser

E. SuperAdmin

How can an IBM Security QRadar SIEM V7.2.8 Administrator capture specific data to a reference set when QRadar receives the data from events or flow data?

A. Create or modify a report so the required data is exported to a Reference: Set.

B. On the Admin tab. create or modify the reference set to capture the required data.

C. On the Admin tab define a Custom Action to add the required data to a Reference: Set.

D. Create or modify a rule so the Rule Response will add the required data to a Reference: Set.

An IBM Security QRadar SIEM V7.2.8 Administrator is implementing a retention policy of flows and events.

The retention buckets are sequenced in priority order from the top row to the bottom row.

What happens if a record does not match any of the configured retention buckets?

A. The record is dropped and is not stored

B. The record is stored in the default retention bucket

C. The record is stored in a raw format inside /default partition

D. The record is stored in any of the available retention buckets

A backup failure occurs on an IBM Security QRadar SIEM V7.2.8 Console or on an Event Processor. Which system notification message can an Administrator configure for an email notification?

A. Backup: requires more disk space

B. Backup: unable to process backup request

C. Backup: last Backup exceeded space threshold

D. Backup: last Backup reached execution threshold

An Administrator using IBM Security QRadar SIEM V7.2.8 is using the following RegEx to extract an email

address:

(.+@[^\.].*\.[a-z]{2,}$)

What does the "[a-z]" portion capture?

A. The literal string "a-z".

B. The letter a or the letter z.

C. Any lower case letter from b to y.

D. Any lower case letter from a to z.