C2150-400 Online Practice Questions and Answers

Questions 4

Which expression imports all xml files in the report directory if the administrator is configuring a Nessus Scanner?

A. \xml

B. 'xml'

C. *\.xml

D. */.xml

Questions 5

Which Permission Precedence should be applied to the user's security profile, assuming the administrators only want the group to have access to Windows events and flows and not events from other networks?

A. No Restrictions

B. Log Sources Only

C. Networks OR Log Sources

D. Networks AND Log Sources

Questions 6

On the QRadar console you have received notification that CVE ID: CVE-2010-000 is being actively used. What search parameter should you select from the list of search parameters in this situation?

A. Collateral Damage Reference

B. Vulnerability External Reference

C. Vulnerability Information System

D. Vulnerability Internal System Reference

Questions 7

You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events are coming up with Log source type GenericDSM and the correct Log Source Event ID.

What is the next step in this process?

A. Create the high level and low level categories from the map id action

B. Map the custom log records to your own custom high level and low level categories

C. Create the high level and low level categories from the Rules section in the Offense tab

D. Run the qidmap.pl script to create high level and low level categories from the command line

Questions 8

An off-site source can connect to which component?

A. Flow collector

B. Event collector

C. Flow processor

D. Event processor

Questions 9

What is the minimum bandwidth needed between the primary and secondary HA host?

A. 1 gigabit per second (Gbps)

B. 2 gigabits per second (Gbps)

C. 3 gigabits per second (Gbps)

D. 4 gigabits per second (Gbps)

Questions 10

You have been asked to forward all event logs from QRadar to another central syslog server with the IP of 172.16.77.133. You also want the events to be processed by the CRE, but not stored on the system.

What will allow you to do this process?

A. Add a Routing Rule that under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Raw Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.

B. Add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, add a Forwarding destination for 172.16.77.133 with the "Normalized Event" format. Then select the 'Forward' and 'Drop' options. Save and deploy.

C. Add a forwarding Destination for 172.16.77.133 with the "Raw Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

D. Add a forwarding Destination for 172.16.77.133 with the "Normalized Event" format. Then add a Routing Rule that, under Current Filters "Matches All Incoming Events", under Routing Options, select the Forward destination that matches the destination you created. Then select the 'Forward' and 'Drop' options. Save and deploy.

Questions 11

Which QRadar component requires the use of a NAPATECH card?

A. QRadar 3105 Console

B. QRadar 1705 Processor

C. QRadar 1605 Processor

D. QRadar QFlow Collector 1310

Questions 12

Which line color inside the deployment editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?

A. Red

B. Blue

C. Black

D. Green

Questions 13

A user of QRadar wishes to have a report showing the total bytes seen on their Internet connection. The user decides to create a Custom Flow Property to add the bytes sent and bytes received together.

Which type of custom property is required for this to be accomplished?

A. Regex Custom Property

B. Computed Custom Property

C. Arithmetic Based Custom Property

D. Calculation Based Custom Property

Questions 14

Which two primary data sources send updates to the Asset profiler? (Choose two.)

A. Source IP

B. Source Port

C. Scan Result

D. Destination IP

E. Identity Events

Questions 15

Which operating system is supported for creating a bootable flash drive for recovery?

A. Cisco IOS

B. Sun Solaris

C. Debian Linux

D. MS Windows Vista

Questions 16

How do you view an offense that is associated with an event from the Log Activity tab?

A. Double click the event

B. Click the Offense icon next to the event

C. Right click the event, select View Offenses

D. Select the event, and select Offenses from the View list box

Questions 17

A customer wants to view Log Sources based on functionality on the QRadar console. The customer wants to categorize its Log Sources into multiple groups, which allows the customer to efficiently view and track its log sources.

What is the maximum number of log sources a log source group can display on the QRadar console?

A. 100

B. 500

C. 750

D. 1000

Questions 18

Which action can be performed on a license key?

A. Erase a license key

B. Delete a license key

C. Unload a license key

D. Unallocate a license key

Exam Code: C2150-400
Exam Name: IBM Security Qradar SIEM Implementation v 7.2.1
Last Update: Apr 20, 2024
Questions: 175 Q&As
