C2150-624 Online Practice Questions and Answers

Administrators on versions of IBM Security QRadar SIEM older than V7.2.4 must use a specific upgrade path to transition to newer software versions. These requirements are outlined in what technical document?

A. Fix Level Recommendation Tool

B. IBM latest firmware release notes

C. QRadar Software upgrade progress technical note

D. IBM System Security Interoperation Center (SSIC)

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to delete a single value named

User1 from a reference set with the name "Allowed Users" from the command line interface.

Which command will accomplish this?

A. ./UtilReferenceSet.sh purge "Allowed Users" User1

B. ./ReferenceSetUtil.sh purge "Allowed Users" User1

C. ./ReferenceSetUtil.sh delete "Allowed\ Users" User1

D. ./UtilReferenceSet.sh delete "Allowed\ Users" User1

The event data collected by IBM Security QRadar SIEM V7.2.8 is being deleted after one month. The legal

department required the data be kept for two months.

What can the administrator do to accommodate this requirement?

A. Change the nightly backup Priority to "High".

B. Change the nightly backup to a monthly backup.

C. Change the Default Event Retention Policy property field "Do not delete data in this bucket" to two months.

D. Change the Default Event Retention Policy property field "Keep data placed in this bucket for" to two months.

An Administrator working with IBM Security QRadar SIEM V7.2.8 needs to copy data and configuration

backup files from the previous day to an off-site location.

What is the default location where these files can be found?

A. /store/backup

B. /store/exports

C. /store/postgres

D. /store/backupHost

An IBM Security QRadar SIEM V7.2.8 Administrator is receiving an I/O error on the console. Which command can the Administrator run to begin diagnosing this issue?

A. /etc/init.d/tomcat status

B. /etc/init.d/ariel_query_server status

C. /opt/qradar/init/apply_tunning status

D. /opt/qradar/init/ariel_query_server status

An IBM Security QRadar SIEM V7.2.8 Administrator will install a High Availability (HA) pair of appliances.

The primary and secondary hosts are formatted with the same file system.

To ensure compatibility between hosts, which statement is considered a prerequisite?

A. The size of the /home partition on the secondary must be larger than the /home partition of the primary.

B. The size of the /var/opt/ha on the secondary must be larger than the /var/opt/ha partition of the primary.

C. The size of the /store partition on the secondary must be lesser than the /store partition of the primary.

D. The size of the /store partition on the secondary must be equal to or larger than the /store partition of the primary.

An Administrator working with IBM Security QRadar SIEM V7.2.8 appliances needs to update firmware. How are the files acquired?

A. Firmware updates can be retrieved from IBM developerWorks.

B. Refer to support documents to download the firmware approved for QRadar appliances.

C. All firmware is automatically downloaded and no Administrator intervention is required.

D. All firmware updates are applied as part of the QRadar software patching process, and should not be applied independently.

An Administrator needs to create a new user role in the IBM Security QRadar SIEM V7.2.8 system. What steps need to be followed?

A. System Configuration tab -> Users and Roles -> Add New Role -> Add

B. Admin tab -> System Configuration -> User Management -> User Roles -> New

C. Admin tab -> System and Settings -> Users and Roles -> Role Management -> New

D. System Management tab -> System Configuration -> User Management -> User Roles -> New

An IBM Security QRadar SIEM V7.2.8 Administrator is implementing a retention policy of flows and events.

The retention buckets are sequenced in priority order from the top row to the bottom row.

What happens if a record does not match any of the configured retention buckets?

A. The record is dropped and is not stored

B. The record is stored in the default retention bucket

C. The record is stored in a raw format inside /default partition

D. The record is stored in any of the available retention buckets

A backup failure occurs on an IBM Security QRadar SIEM V7.2.8 Console or on an Event Processor. Which system notification message can an Administrator configure for an email notification?

A. Backup: requires more disk space

B. Backup: unable to process backup request

C. Backup: last Backup exceeded space threshold

D. Backup: last Backup reached execution threshold

An IBM Security QRadar SIEM V7.2.8 deployment configured with High-Availability (HA) has both a

primary and secondary host. The administrator needs to test the operation of the primary high-availability

(HA) host automatic failover to the secondary HA host.

What must be configured to accomplish this test?

A. Configure the time interval of heartbeat timeout tests so the secondary HA host receives a response from the primary HA host within 2 minutes.

B. Configure the time interval of heartbeat timeout tests so the secondary HA host does not receive a response from the primary HA host within 2 minutes.

C. Configure the time interval of heartbeat ping tests so the secondary HA host receives a response from the primary HA host within a preconfigured time period.

D. Configure the time interval of the heartbeat ping tests so the secondary HA host does not receive a response from the primary HA host within a preconfigured time period.

An Administrator is unable to access the IBM Security QRadar SIEM V7.2.8 web GUI. What could the Administrator do to determine the reason for the issue?

A. Check the status of tomcat and httpd.

B. Check the status of ecs-ec and ecs-ep.

C. Check if the postgres database is running.

D. Check if the console is over the EPS and FPS license.

What is important to understand when adding Offense Items to a Dashboard tab in IBM Security QRadar SIEM V7.2.8?

A. Minor or Hidden Offenses are not included in the values that are displayed.

B. Minor or Closed Offenses are not included in the values that are displayed.

C. Closed or Hidden Offenses are not included in the values that are displayed.

D. Closed or Assigned Offenses are not included in the values that are displayed.

An Administrator working with IBM Security QRadar SIEM V7.2.8 is modifying the network hierarchy to

contain a few new subnets contained with the 192.0.0.0/26 range.

What is a valid host range contained in this range?

A. 192.0.0.1 -> 192.0.0.62

B. 192.0.0.1 -> 192.0.0.65

C. 192.0.0.128 -> 192.0.0.192

D. 192.0.0.192 -> 192.0.0.254

Where are the IBM Security QRadar SIEM V7.2.8 errors logged?

A. /var/log/qradar.error

B. /var/log/qradar/error.log

C. /opt/qradar/log/qradar.error

D. /opt/qradar/support/qradar.log