A client has reached the maximum of 5000 EPS for their 3128 All-in-One appliance. They have just completed an acquisition of a competitor company and would like to get them on-board with collecting events for correlation in QRadar. It has been determined that the newly acquired company has a large number of log sources, and it is estimated that its total EPS will be approx. 22000 EPS.
What will meet the hardware requirements when changing to a distributed environment?
A Deployment Professional has detected a big spike in a customer’s "Malware infection detected" rule that monitors their endpoint anti-virus solution. The spike happened over the weekend, but when the rule was checked, it was not changed. Since Monday morning, the rule has spiked and has not yet stopped generating offenses.
What was added to the customer's QRadar log sources that caused this problem?
A customer has existing complex network infrastructure with many redundant links, and the IP packets are taking different paths for inbound and outbound traffic. A Deployment Professional needs to configure SFlow.
What should be configured in IBM Security QRadar SIEM V7.2.7 to support this specific case?
In IBM Security QRadar SIEM V7.2.7, the number of Aggregated Data Management Views were increased.
How many additional views were added?
Two multi-site companies with international presences are merging and consolidating their operations. The companies have decided that the relevant information on each site must be available to the local users only.
How should IBM Security QRadar SIEM V7.2.7 be configured to comply with this request?
A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. It is recommended that the log source level be configured at the notice level by the DSM Guide, but the client has a policy to log all events at a debug level.
The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored.
What should be created to meet this client's goal?
You are tasked with configuring IBM Security QRadar SIEM V7.2.7 to pull a log file that is generated daily at midnight from a custom application on a Microsoft Windows Server.
Which log source protocol should be used to accomplish this task?
A Deployment Professional has a reference list of usernames that is used in rules. The Deployment Professional needs to be able to remove a username from the reference list when an offense is detected from a log event.
How can a Deployment Professional accomplish this goal?
A Deployment Professional has created a new Building Block (BB), and it's not returning any expected events. The Deployment Professional has checked to ensure the BB is enabled and active. No errors are returned.
What should be done to correct this BB problem?
A Deployment Professional has come on-site to upgrade an IBM Security QRadar SIEM V7.2.7 deployment to a new fix level. Before running the upgrade, the software and fix versions must be verified.
What must the Deployment Professional verify?
A Deployment Professional has been asked to create a new dashboard that uses a saved search.
Which box should be checked when creating this search?
A Deployment Professional is alerted that two assets within a local network are exchanging flows at a higher rate than normal between midnight and 2 a.m. The Deployment Professional is asked to determine why this is occurring and decides to create an alert that will send a notification when the communication happens again.
Which action could be used?