IBM C2150-400 - IBM Security QRadar SIEM Implementation v 7.2.1 Exam

Page:    1 / 35   
Total 175 questions

A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling the rule?

  • A. Offenses > Maintain CRE Rules
  • B. Offenses > Toggle Custom Rules
  • C. Offenses > Manage Custom Rules
  • D. Offenses > Maintain Custom Rules


Answer : C

Which Security Profile Permission Precedence should be applied so the users of that profile can only see the flows related to the "Windows Servers" network?

  • A. Network Only
  • B. No Restrictions
  • C. Log Sources Only
  • D. Network AND Log Source


Answer : D


What is required to allow authentication to work properly when using a vendor authentication module like Active Directory?

  • A. Authentication Bind password
  • B. An SSH tunnel between QRadar and the authentication server
  • C. QRadar and the authentication server must be on the same subnet
  • D. Time Synchronization between QRadar and the authentication server


Answer : B


Which IP address of a NATed server is used to access the server from outside the network?

  • A. Public IP address
  • B. Private IP address
  • C. Cluster IP address
  • D. Secondary IP address


Answer : A

Which action prevents an offense from being removed from the database?

  • A. Hide
  • B. Show
  • C. Export
  • D. Protect


Answer : D

