IBM C2150-612 IBM Security QRadar SIEM V7.2.6 Associate Analyst Online Training
IBM C2150-612 Online Training
The questions for C2150-612 were last updated at Feb 16,2025.
- Exam Code: C2150-612
- Exam Name: IBM Security QRadar SIEM V7.2.6 Associate Analyst
- Certification Provider: IBM
- Latest update: Feb 16,2025
A Security Analyst found multiple connection attempts from suspicious remote IP addresses to a local host on the DMZ over port 80. After checking related events no successful exploits were detected. Upon checking international documentation, this activity was part of an expected penetration test which requires no immediate investigation.
How can the Security Analyst ensure results of the penetration test are retained?
- A . Hide the offense and add a note with a reference to the penetration test findings
- B . Protect the offense to not allow it to delete automatically after the offense retention period has elapsed
- C . Close the offense and mark the source IP for Follow-Up to check if there are future events from the host
- D . Email the Offense Summary to the penetration team so they have the offense id, add a note, and close the Offense
Which list is only Rule Actions?
- A . Modify Credibility; Send SNMP trap; Drop the Detected Event; Dispatch New Event.
- B . Modify Credibility; Annotate Event; Send to Forwarding Destinations; Dispatch New Event.
- C . Modify Severity; Annotate Event; Drop the Detected Event; Ensure the detected event is part of an offense.
- D . Modify Severity; Send to Forwarding Destinations; Drop the Detected Event; Ensure the detected event is part of an offense.
What are the two available formats for exporting event and flow data for external analysis? (Choose two.)
- A . XML
- B . DOC
- C . PDF
- D . CSV
- E . HTML
Which information can be found under the Network Activity tab?
- A . Flows
- B . Events
- C . Reports
- D . Offenses
Which type of tests are recommended to be placed first in a rule to increase efficiency?
- A . Custom property tests
- B . Normalized property tests
- C . Reference set lookup tests
- D . Payload contains regex tests
When reviewing Network Activity, a flow shows a communication between a local server on port 443, and a random, remote port. The bytes from the local destination host are 2 GB, and the bytes from the remote, source host address are 40KB.
What is the flow bias of this session?
- A . Other
- B . Mostly in
- C . Near-same
- D . Mostly out
Which pair of options are available in the left column on the Reports Tab?
- A . Reports and Owner
- B . Reports and Branding
- C . Reports and Report Grouping
- D . Reports and Scheduled Reports
Which QRadar rule could detect a possible potential data loss?
- A . Apply “Potential data loss” on event of flows which are detected by the local system and when any IP is part of any of the following XForce premium Premium_Malware
- B . Apply “Potential data loss” on flows which are detected by the local system and when at least 1000 flows are seen with the same Destination IP and different Source IP in 2 minutes
- C . Apply “Potential data loss” on events which are detected by the local system and when the event category for the event is one of the following Authentication and when any of Username are contained in any of Terminated_User
- D . Apply “Potential data loss” on flows which are detected by the local system and when the source bytes is greater than 200000 and when at least 5 flows are seen with the same Source IP, Destination IP, Destination Port in 12 minutes
What is the default view when a user first logs in to QRadar?
- A . Report Tab
- B . Offense Tab
- C . Dashboard tab
- D . Messages menu
What is a Device Support Module (DSM) function within QRadar?
- A . Unites data received from logs
- B . Provides Vendor specific configuration information
- C . Scans log information based on a set of rules to output offenses
- D . Parses event information for SIEM products received from external sources
