Which device uses signatures for traffic analysis when deployed in a network environment to detect, allow, block, or simulated-block traffic?
A. QRadar
B. Switch
C. Proxy
D. IDS/IPS
Correct answer: D
Question 2:
What is one of the major differences between event and network data (flow)?
A. Flows can replay a whole packet by packet sessions, while events are just a snapshot.
B. An event can have a life span that can last seconds, minutes, hours or days, while flows can only span 1 minute.
C. A flow can have a life span that can last seconds, minutes, hours or days, while events are only a snapshot.
D. Events represent network activity by normalizing IP addresses, ports, byte and packet counts, while flows do not.
Correct answer: C
Question 3:
Which two are top level options when right clicking on an IP Address within the Offense Summary page?
(Choose two.)
A. Information
B. DNS Lookup
C. WHOIS
D. Asset Summary Page
E. Navigate
Correct answer: A, E
Question 4:
Which QRadar rule could detect a possible potential data loss?
A. Apply "Potential data loss" on flows which are detected by the local system and when at least 1000 flows are seen with the same Destination IP and different source in 2 minutes
B. Apply "Potential data loss" on events or flows which are detected by the local system and when any IP is part of any of the following X-Force premium feeds: Premium_Malware
C. Apply "Potential data loss" on flows which are detected by the local system and when the source bytes is greater than 200000 and when at least 5 flows are seen with the same Source IP, Destination Port, Destination IP in 12 minutes
D. Apply "Potential data loss" on events which are detected by the local system and when the event category for the event is one of the following Authentication and when any of Username are contained in any of Terminated_User
Correct answer: C
Question 5:
Given these default options for dashboards on the QRadar Dashboard Tab:
Which will display a list of offenses?
A. Threat and Security Monitoring
B. System Monitoring
C. Vulnerability Management
D. Network Overview
Correct answer: A
Question 6:
Which three optional items can be added to the Default and Custom Dashboards without requiring additional licensing? (Choose three.)
A. Flow Search
B. Asset Management
C. Log Activity
D. Offenses
E. Risk Change
F. Risk Monitoring
Correct answer: D, E, F
Omori -
The important keywords and explanations are thorough, and this one C2150-612 book is enough to cover everything, including the basics. I felt that by repeatedly working through the past questions, I could pass C2150-612 without any problems.