How is an event magnitude calculated?
A. As the sum of the three properties Severity, Credibility and Relevance of the Event
B. As the sum of the three properties Severity, Credibility and Importance of the Event
C. As a weighted mean of the three properties Severity, Credibility and Relevance of the Event
D. As a weighted mean of the three properties Severity, Credibility and Importance of the Event
When reviewing Network Activity, a flow shows a communication between a local server on port 443 and a
random remote port. The bytes from the local destination host are 2 GB, and the bytes from the remote
source host address are 40 KB.
What is the flow bias of this session?
A. Other
B. Mostly in
C. Near-same
D. Mostly out
How does flow data contribute to the Asset Database?
A. Correlated Flows are used to populate the Asset Database.
B. It provides administrators visibility on how systems are communicating on the network.
C. Flows are used to enrich the Asset Database except for the assets that were discovered by scanners.
D. It delivers vulnerability and ports information collected from scanners responsible for evaluating network assets.
When QRadar processes an event it extracts normalized properties and custom properties.
Which list includes only Normalized properties?
A. Start time, Source IP, Username, Unix Filename
B. Start time, Username, Unix Filename, RACF Profile
C. Start time, Low Level Category, Source IP, Username
D. Low Level Category, Source IP, Username, RACF Profile
Which Anomaly Detection Rule type is designed to test event and flow traffic for changes in short term events when compared against a longer time frame?
A. Outlier Rule
B. Anomaly Rule
C. Threshold Rule
D. Behavioral Rule
What are two benefits of using a netflow flow source? (Choose two.)
A. They can include data payload.
B. They can include router interface information.
C. They can include usernames involved in the flow.
D. They can include ASN numbers of remote addresses.
E. They can include authentication methods used to access the network.
Which two actions can be performed on the Offense tab? (Choose two.)
A. Adding notes
B. Deleting notes
C. Hiding offenses
D. Deleting offenses
E. Creating offenses
Which approach allows a rule to test for Active Directory (AD) group membership?
A. Import the AD membership information into the Asset Database using AXIS and use an asset rule test
B. Use the built-in LDAP integration to execute a search for each event as it is received by the Event Processor to test for group membership
C. Maintain reference data for the AD group(s) of interest containing lists of usernames and then add rule tests to see if the normalized username is in the reference data
D. Export the AD group membership information to a CSV file and place it in the /store/AD_mapping.csv file on the console, then use the "is a member of AD group" test in the rule
A Security Analyst is looking on the Assets tab at an asset with offenses associated with it.
With a right-click on the IP address, where could the Security Analyst go to obtain all offenses associated with it?
A. Information > Asset Profile
B. Navigate > View by Network
C. Run Vulnerability Scan > Source offenses
D. Navigate > View Source Summary or Destination Summary
Which feature of a Next Generation Firewall is not available on previous firewalls?
A. VPN Support
B. Layer 3 based firewall rules
C. Integrated signature based IPS engine
D. Network and Port-Address Translation (NAT)