最新的IBM C2150-612免費考試真題

問題1

A Security Analyst is looking on the Assets Tab at an asset with offenses associated to it.
With a "Right Click" on the IP address, where could the Security Analyst go to obtain all offenses associated with it?

A. Navigate > View Source Summary or Destination Summary

B. Information > Asset Profile

C. Navigate > View by Network

D. Run Vulnerability Scan > Source offenses

正確答案: D

問題2

What is a key difference between the magnitude of an event and the magnitude of an offense?

A. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense is derived when the offense is created and does not vary.

B. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense can increase or decrease over time.

C. The magnitude of an event is derived when the event is received and does not vary, the magnitude of an offense can only increase.

D. The magnitude of an event is derived from the current magnitude of the offense it creates, the magnitude of an offense can increase or decrease overtime.

正確答案: B

問題3

What is the definition of asset profile on QRadar?

A. It is an application used to configure and distribute settings to devices and computers in an organization, school, or business.

B. It is the information servers and hosts in a network provide to assist users when resolving security issues.

C. It is all the information that IBM Security QRadar SIEM collected over time about a specific asset.

D. It is any network endpoint that sends or receives data across a network infrastructure.

正確答案: C

問題4

What is the correct procedure to both assign and add a note to an offense from the Graphical User Interface (GUI)?

A. With the new release of 7.2.6 this can now be done in one step, both from the Offenses Tab and the Offense Summary Page.

B. Both tasks must be done independently and can only be done on the Offenses Tab

C. With the new release of 7.2.6 this can now be done in one step from the Offenses Tab only.

D. Both tasks must be done independently but can be completed from both the Offenses Tab and the Offense Summary Page.

正確答案: A

問題5

Which type of tests are recommended to be placed first in a rule to increase efficiency?

A. Custom property tests

B. Payload contains regex tests

C. Preference set lookup tests

D. Normalized property tests

正確答案: D

問題6

What is indicated by an event on an existing log in QRadar that has a Low Level Category of "Unknown"?

A. That event arrived out of order from the original device

B. That the event was parsed, but not mapped to an existing QRadar category

C. That event could not be parsed

D. That event was from a device that is not supported by QRadar

正確答案: B

說明：（僅 Fast2test 成員可見）

問題7

How is an event magnitude calculated?

A. As a weighted mean of the three properties Severity, Credibility and Relevance of the Event

B. As a weighted mean of the three properties Severity, Credibility and Importance of the Event

C. As the sum of the three properties Severity, Credibility and Relevance of the Event

D. As the sum of the three properties Severity, Credibility and Importance of the Event

正確答案: A

問題8

Events and Flows both have multiple different timestamps available to them.
Which timestamp is available to both events and flows?

A. First Activity Time

B. End Time

C. Last Activity Time

D. Storage Time

正確答案: C

問題9

Where can a user add a note to an offense in the user interface?

A. Offenses Detail Window, Dashboard, and Admin Tab

B. Dashboard and Offenses Tab

C. Dashboard, Offenses Tab, and Offense Detail Window

D. Offenses Tab and Offense Detail Window

正確答案: D

說明：（僅 Fast2test 成員可見）

最新的IBM Security QRadar SIEM V7.2.6 Associate Analyst - C2150-612免費考試真題

聯系我們

站內鏈接

最新更新