Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?
A. /opt/qradar/conf/
B. /opt/qradar/www
C. /opt/tomcat/conf/
D. /opt/qradar/webapps
A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules in order to ensure that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling the rule?
A. Offenses > Maintain CRE Rules
B. Offenses > Toggle Custom Rules
C. Offenses > Manage Custom Rules
D. Offenses > Maintain Custom Rules
A QRadar SIEM administrator wants to create a Flow Rule that includes a building block definition (BB) that includes applications that indicate communication with file sharing sites. In which group will the administrator find this specified building block?
A. Policy
B. Host Definitions
C. Network Definition
D. Category Definitions
In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)
A. Top 5 Source IPs section
B. Click on Display > Sources
C. Click on Display > Destinations
D. Click on Event/Flow Count field's Events link
E. Click on Events button in Last 10 Events section
What is the easiest method to populate host definition building blocks?
A. Setup Rules
B. Server Discovery
C. Authorized Services
D. Manually Define Building Blocks
Assuming a Squid Proxy has logs in the following format:
time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type
And these are some sample logs from the Squid server:
1286536310.075 452 192.168.0.227 TCP_MISS/200 5067 GET http://www.test.com/vi/VfnuY/default.jpg DIRECT/10.20.153.118 image/jpeg
1286536310.524 935 192.168.0.68 TCP_MISS/200 1021 POST http://www.test.com/services DIRECT/172.16.41.128 application/xml
1286536310.550 495 192.168.0.227 TCP_MISS/204 406 GET http://test.com/get_video? DIRECT/10.12.231.1.136 text/html
1153239176.287 632 172.16.10.92 TCP_IMS_HIT/304 215 GET http://www.test.com/index.html - NONE/- text/html
Which regular expression would you use to pull out the bytes field into a custom property?
A. \w+/\d+\s+(\d+)\s+(POST|GET)
B. \w+/\d+\S+(\d+)\S+(POST|GET)
C. \w+/\d+\s+(\d+)\s+^(POST|GET)
D. \W+/\D+\D+(\D+)\D+(POST|GET)
Which appliance is used to collect, store, and process event and flow data in case of hardware and network failure?
A. Replicated appliance
B. Secondary appliance
C. High availability appliance
D. High accessibility appliance
In which three ways can you create Log Sources? (Choose three.)
A. Bulkload
B. Manually
C. Automatically
D. Scripting
E. Autoupdate
F. QRadar Enterprise template
Who can view all offenses?
A. All users
B. Admin user
C. User who has access to All Log Sources and All Networks
D. Restricted User who has access to a Specific Log Source and Network
Which action can be performed on a license key?
A. Erase a license key
B. Delete a license key
C. Unload a license key
D. Unallocate a license key