What is accessible from the Offenses Tab but is not used to present a sorted list of offenses?
A. Destination IP
B. Rules
C. Category
D. Source IP
Correct answer: B
Question 2:
What is one of the major differences between event and network data (flow)?
A. Flows can replay whole sessions packet by packet, while events are just a snapshot.
B. An event can have a life span that can last seconds, minutes, hours or days, while flows can only span 1 minute.
C. A flow can have a life span that can last seconds, minutes, hours or days, while events are only a snapshot.
D. Events represent network activity by normalizing IP addresses, ports, byte and packet counts, while flows do not.
Correct answer: C
Question 3:
What are two benefits of using a netflow flow source? (Choose two)
A. They can include usernames involved in the flow.
B. They can include ASN numbers of remote addresses.
C. They can include authentication methods used to access the network.
D. They can include data payload.
E. They can include router interface information.
Correct answer: B, E
Question 4:
What is a main function of a Cisco Adaptive Security Appliance (ASA)?
A. A Firewall
B. A Switch
C. A Proxy
D. An Authentication device
Correct answer: A
Question 5:
Which filter in the Log & Network Activity tabs is supported by both flows and events?
A. Application [Indexed] matches [Application]
B. Username [Indexed] equals any of [Username]
C. Source IP [Indexed] equals any of [IP Address]
D. Source Payload Contains is [Pattern]
Correct answer: C
Question 6:
What is the definition of asset profile on QRadar?
A. It is the information servers and hosts in a network provide to assist users when resolving security issues.
B. It is any network endpoint that sends or receives data across a network infrastructure.
C. It is an application used to configure and distribute settings to devices and computers in an organization, school, or business.
D. It is all the information that IBM Security QRadar SIEM collected over time about a specific asset.
Correct answer: D
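Kawai -
The study tips were a welcome part of the content, and while taking a break with Pass4Test I found myself thinking "I see." A good point is that even inexperienced people and students with no knowledge of C2150-612 can keep up and learn thoroughly, starting from the basics.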