A2150-195 Online Practice Questions and Answers

How can a report be set up with restricted user access?

A. Click Reports > Restrict Users

B. Click on Manage Groups and add the user to the Restricted Reports group

C. Select the appropriate users on the Report Editing wizard to access the reports

D. Click Admin > Users, edit each user, and create lists of report filters users are allowed to see

Which steps are required to see hidden offenses in IBM Security QRadar V7.0 MR4 (QRadar)?

A. Contact the QRadar administrator to select Hidden Offenses and then choose the Show option from the Action menu.

B. From the Offenses page, navigate to All Offenses and open the Search menu. Select Edit Search and in the Search Parameters section, uncheckthe box Exclude Hidden Offenses.

C. From the Offenses page, navigate to the Offenses by Category, and click on Show Inactive Categories to display all hidden offenses. Click Hide Inactive Categories to hide them again.

D. Hidden Offenses are no longer associated with Offenses so a custom report and a search should be created that uses a search parameter where Associated with Offense equals False. To create a custom report, navigate to Reports and from the Actions menu select Create.

On the Offense summary page, which filter is executed when the Events icon or the link with the number of events is clicked?

A. An event filter with all events matching the source IP address

B. An event filter with all events matching the destination IP address

C. An event filter with the Custom Rule Engine rule(s) for the last 24 hours

D. An event filter with the Custom Rule Engine rule(s) for the duration of the offense

Why is coalescing important to a non-admin user?

A. It saves space on disk.

B. It saves events per second.

C. It makes it faster to parse the events.

D. It makes events easier to read in the Log Activity screen.

Which statement about log source identifiers is true for the same log source identifier to be used more than once?

A. It must always be unique.

B. It must be unique amongst the same protocol.

C. It must be unique amongst the same log source group.

D. It must be unique amongst log sources of the same type

Where would a user look to see the entire payload of an event?

A. The Raw Event tab

B. View > Show Payload

C. Right-click > Show Payload

D. The Payload Information section

How is an asset's weight used?

A. To classify the level of asset activity

B. To define the vulnerability of the asset

C. To determine how much emphasis IBM Security QRadar V7.0 MR4 gives when parsing logs

D. To determine the true severity and relevance of an event when the asset is involved in an offense

If a user wants to assign an incident to a particular user, which drop-down list would they select inside the Offense interface?

A. Display

B. Actions

C. Incident

D. Question Mark

Which option must be selected to view the results of previously run searches from the Log Activity tab?

A. Edit Search

B. New Search

C. Save Criteria

D. Manage Search Results

On the Offense Summary page, which filter is executed when the Flows icon or the link with the number of flows is clicked on?

A. A flow filter with all flows matching the source IP address

B. A flow filter with all flows matching the destination IP address

C. A flow filter with the Custom Rule Engine rule(s) for the last 24 hours

D. A flow filter with the Custom Rule Engine rule(s) for the duration of the offense