Jun 2016 updated: Testking IBM C2150-195 study guide 1-10

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW C2150-195 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/C2150-195-dumps.html

Counting on outstanding engineering, better service for purchasers. Ucertify offer you 24 hour customer service with regard to IBM examinee and you will acquire what you want understand at any time. Your own pleasure in our C2150-195 is the service objective, their joint development along with clients is the persistent quest in the large number. Thus please do not think twice to contact all of us when you have questions of C2150-195 examination.

2016 Jun C2150-195 test questions

Q1. If a user wants to search for Windows user login failures, which high/low level category should be used? 

A. Windows/Failures 

B. Authentication/Failures 

C. Windows/User Login Failures 

D. Authentication/User Login Failure 

Answer: D 


Q2. How can the time zone be changed for an existing report? 

A. From the Report tab > Actions > select Time Zone 

B. Right-click on the Report template > Change Time Zone 

C. Select the report from the Reports tab > Options > Change Time Zone 

D. Modify the template, under Chart Type select Define > select Time Zone 

Answer: D 


Q3. An IBM Security GRadar V7.0 MR4 (QRadar) user has access to QRadar offenses. How do offenses appear in their My Offenses page? 

A. Rules that have been created by the admin and that trigger an offense will also automatically put the triggered offense under their My Offenses page. 

B. When the admin accesses the All Offenses option, they select Offenses and drag and drop them to their My Offenses page. Other QRadar users will no longer see the offenses that are put under their My Offenses page. 

C. Anyone with access to the Offenses page will see all offenses. Under the My Offenses option, the person will see all offenses that have been assigned to them for further analysis and processing. These offenses are assigned from the All Offenses page by choosing the Assign option from the Action menu. 

D. Rules that trigger an offense can also be configured in such way that the resulting offense is automatically assigned to the QRadar user who is notified of the offense by e-mail. The rule is configured to send an e-mail and if the e-mail address matches an e-mail addresse of any of the QRadar users then this offense is automatically added to the My Offenses page of this user. 

Answer: C 


Q4. Everyone involved in a forensic analysis is now convinced that account management events involving promotion of accounts to AD administrator groups must be reported on daily. What is the most efficient method to accomplish this in IBM Security QRadar V7.0 MR4 (QRadar)? 

A. Such a report requires additional parsing of events using extra custom properties and then including these properties in a manual report. 

B. A new rule must be created which triggers an offense every time an account is assigned to an AD administrator group. By examining the event in detail it can be determined if this was really an offense or not. 

C. The detailed search that the user has used to identify the relevant events must be saved first. Once it is saved, then it can be reused on demand, and it can also be used to build a custom report which can then be scheduled. 

D. Automation or scripting is out of the question. The user has to repeat the analysis manually every time a similar incident occurs. The best the user can do is document the steps so that it is repeatable by anyone with access to the QRadar interface. 

Answer: C 


Q5. In the All Offenses dialog box, which column are the offenses sorted by default? 

A. Start Date 

B. Magnitude 

C. Description 

D. Offense Type 

Answer: B 


C2150-195  exam engine

Renew C2150-195 exam topics:

Q6. How can a user cancel a running report in IBM Security QRadar V7.0 MR4? 

A. A running report cannot be canceled 

B. Select the report > Actions > Cancel Report 

C. Right-click on the report > select Cancel Report 

D. Look at the report queue, select the report to be canceled, select Delete 

Answer: A 


Q7. What is the most likely issue with creating a custom property with a bad regex? 

A. It slows down the reports when they are executed. 

B. It slows down the searching in the Log Activity Viewer. 

C. It slows down the event parsing when events are processed. 

D. It slows down the dashboard charts while searching for the data 

Answer: C 


Q8. What are three data types provided by right-clicking IP address > More Options list > Information menu? (Choose three.) 

A. Port Scan 

B. DateyTime 

C. DNS lookup 

D. WHOIS lookup 

E. Source Summary 

F. Destination Summary 

Answer: A,C,D 


Q9. A user is complaining about slow traffic on a specific network segment, and an administrator has been asked to investigate the source of the congestion using an IBM Security QRadar V7.0 MR4 (QRadar) Dashboard workspace named Top Applications. 

From the Top Applications dashboard workspace, which tab is displayed when View Details is clicked? 

A. Assets 

B. Offenses 

C. Log Activity 

D. Network Activity 

Answer: D 


Q10. Why is coalescing important to a non-admin user? 

A. It saves space on disk. 

B. It saves events per second. 

C. It makes it faster to parse the events. 

D. It makes events easier to read in the Log Activity screen. 

Answer: D 


see more IBM Security QRadar V7.0 MR4