IBM P2150-870 Secret 2021

NEW QUESTION 1
Which attributes would contribute to an effective demonstration of QRadar?

• A. Bring a whiteboard since prospect might not have on
• B. Show what each tab of the QRadar interface does.
• C. Show all analysis features on flow dat
• D. Focus on the functions that the prospect asked for
• E. Explain all extension options for add-ons to the prospec
• F. Explain QRadar's architecture and scalability.
• G. Tell a story on how QRadar solves an issue that is relevant to the prospec
• H. Talk about the benefits of QRadar in relation to the prospect's situation.

Answer: C

NEW QUESTION 2
Which subjects should be covered when first demonstrating QRadar?

• A. 1. The devices QRadar supports.2. How to write rules to detect spear-fishing attacks.3. How much EPS QRadar can handle on a single box.4. Why QRadar should be chosen.
• B. 1. The QRadar add-on
• C. and what problems they solve.2. How QRadar add-ons work.3. How to create a custom extracted property from a custom log source.4. A use case involving different geographies, and its integration to a physical security system (badge reader).
• D. 1. The problem QRadar solves.2. How QRadar works (i.e.. data integration, correlation and offenses).3. Use cases that apply to the client's business.4. QRadar's competitive advantages
• E. 1. The programming languages used to build QRadar.2. The cost per EPS and FPM3. Building a use case in QRadar's rule wizard.4. A POC so client can personally test the product.

Answer: A

NEW QUESTION 3
Which is the most common formatused to send event data to a SIEM?

• A. JSON
• B. LEEF
• C. Syslog
• D. NetFlow

Answer: D

NEW QUESTION 4
Which types of software appliance are involved of an events is received by an Event Collector, and the event is then to an Event Processor and causes an Offense to be updated on the Console?

• A. 13xx to 17xx to 31xx
• B. 13xx to 18xxt o 21xx
• C. 13xx to 16xx to 31xx
• D. 15xx to 17xx to 21xx

Answer: C

NEW QUESTION 5
What are offenses used for?

• A. To track the time spent investigating incidents by an Analyst.
• B. To provide incident statistics based on rule group membership.
• C. To bundle information about a suspicious activity, including events and flows.
• D. To allow the Historical Correlation engine to check for previous occurrences of security incidents

Answer: A

NEW QUESTION 6
What is the unique benefit of moving to QRadar on Cloud? Customers can now:

• A. reduce future capital expense.
• B. take advantage of QRadar Apps.
• C. build much larger QRadar deployments
• D. have access to additional device support modules.

Answer: B

NEW QUESTION 7
What would be relevant questions to ask for scoping the environment? (Select 3)

• A. How many data centers do you have?
• B. How many users will be using QRadar?
• C. How many storage networks to you have?
• D. How many QRadar appliances do you want to acquire?
• E. How many log sources do you want to add to the project?
• F. In how many countries do you want to deploy QRadar?
• G. Which compliance extensions do you need to deploy?

Answer: CFG

NEW QUESTION 8
What are thesystems called which send events to QRadar?

• A. Assets
• B. Firewalls
• C. Log Sources
• D. Data Backups

Answer: D

NEW QUESTION 9
How can assets be used to help in investigations?

• A. As valuable data sources.
• B. Make searching for offenses easier.
• C. Help connect an offense to a device.
• D. Provide external threat intelligence.

Answer: D

NEW QUESTION 10
How does QRadar Advisor with Watson help security analysts investigate security incidents?

• A. It analyzes flow data.
• B. It analyzes and investigates an offense.
• C. It scans systems for vulnerabilities.
• D. It extracts packet data for security investigations.

Answer: D

NEW QUESTION 11
Besides a QRadar Console, which additional types of appliance does a typical QRadar Incident Forensics deployment contain?
One or more QRadar Incident Forensics appliances, and:

• A. one or more QRadar Event Collector appliances.
• B. one or more QRadar QFlow Collector appliances.
• C. one or more QRadar Vulnerability Scanner appliances
• D. one or more QRadar Network Packet Capture appliances

Answer: A

NEW QUESTION 12
Which is a valid use case for QRadar Network Insights (QN|)?

• A. Finding anomalies and behavior exceptions in event traffic volumes
• B. Analyzing network traffic and finding document hashes from email attachments.
• C. Discovering the network topology within the enterprise based on retrieving the firewall and router/switch rule sets.
• D. Doing after the factreconstruction of user web sessions, chat sessions, and documents, and finding relations between all these.

Answer: C

NEW QUESTION 13
Which is NOT an option for the deployment of the QRader sopftware?

• A. Cloud
• B. Virtual
• C. Live CD/DVD
• D. 3rdParty Appliance

Answer: A

NEW QUESTION 14
Which QRadar Apps integrate with the User Behaviour Analytics App to enhance its detection capabilities?

• A. QRadar Risk Manager and QRadar Network Security
• B. QRadar Machine Learning App and Reference Data Import - LDAP
• C. QRadar Asset Profiler App and Palo Alto Networks App for QRadar
• D. QRadar Incident Remediation App and QRadar Artificial Analysis App

Answer: C

NEW QUESTION 15
What do prospects typically care about for high level cyber use cases?

• A. 1. Advanced Threats2. Insider Threats3. Securing the cloud4. Critical Data Protection
• B. 1. Best price for performance2. Outside Threats3. Patching ALL vulnerabilities found as soon as they are reported4. Running a clean data center
• C. 1. Having a proper time management system2. Evacuation rule compliance3. Making the sales target for the week4. Speed of deployment and Time to value
• D. 1. Having a good password change policy2. Erasing documents which describe a recent data breach3. keeping up to date with Windows patch updates4. cleaning the BGP routing tables regularly

Answer: C

NEW QUESTION 16
Which TCP/IP protocols are at layer 4 of the OSI model (Select 2)

• A. TCP
• B. UDP
• C. ARP
• D. ICMP
• E. IGMP

Answer: AB

NEW QUESTION 17
How can QRadar Network Security improve security posture for companies? By using QRadar Network Security, companies can:

• A. implement an application firewall.
• B. perform event monitoring.
• C. perform vulnerability scanning to detect vulnerabilities.
• D. perform application contro
• E. SSL inspection, and disrupt advanced malware

Answer: A

NEW QUESTION 18
Which is standard on a QRadar on Cloud deployment?

• A. High Availability
• B. Packet analysis
• C. Vulnerability Management
• D. Custom log source development

Answer: B

NEW QUESTION 19
What is the QRadar 14xx Data Node used for? It is used to:

• A. offload Offense management tasks from a multi-tenant 31 xx appliance.
• B. provide a long term data backup store for 16xx, 17xx, 18xx and 31 xx appliances.
• C. provide additional storage and processing for 16x
• D. 17xx, 18xx and 31 xx appliances.
• E. run complex 'Machine Learning' style applications in the QRadar application framework.

Answer: B

NEW QUESTION 20
......