P2150-870 Exam - Technical Sales Foundations for IBM Security Intelligence and Analytics V1

NEW QUESTION 1
What would be relevant questions to ask for scoping the environment? (Select 3)

• A. How many data centers do you have?
• B. How many users will be using QRadar?
• C. How many storage networks to you have?
• D. How many QRadar appliances do you want to acquire?
• E. How many log sources do you want to add to the project?
• F. In how many countries do you want to deploy QRadar?
• G. Which compliance extensions do you need to deploy?

Answer: CFG

NEW QUESTION 2
What do prospects typically care about for high level cyber use cases?

• A. 1. Advanced Threats2. Insider Threats3. Securing the cloud4. Critical Data Protection
• B. 1. Best price for performance2. Outside Threats3. Patching ALL vulnerabilities found as soon as they are reported4. Running a clean data center
• C. 1. Having a proper time management system2. Evacuation rule compliance3. Making the sales target for the week4. Speed of deployment and Time to value
• D. 1. Having a good password change policy2. Erasing documents which describe a recent data breach3. keeping up to date with Windows patch updates4. cleaning the BGP routing tables regularly

Answer: C

NEW QUESTION 3
What does QRadar Incident Forensics do? QRadar Incident Forensics:

• A. analyzes event data for an incident that is discovered by QRadar SI EM.
• B. analyzes flow data for an incident that is discovered by a QRadar SI EM.
• C. brings in the vulnerability data relevant for an incident that is discovered by QRadar SIEM.
• D. aggregates the relevant network data for an incident that is discovered by QRadar SIEM.

Answer: A

NEW QUESTION 4
What type of appliance is a 3105?

• A. Flow Collector
• B. Event Collector
• C. Event Processor
• D. All in One OR Console

Answer: A

NEW QUESTION 5
What is the QRadar 14xx Data Node used for? It is used to:

• A. offload Offense management tasks from a multi-tenant 31 xx appliance.
• B. provide a long term data backup store for 16xx, 17xx, 18xx and 31 xx appliances.
• C. provide additional storage and processing for 16x
• D. 17xx, 18xx and 31 xx appliances.
• E. run complex 'Machine Learning' style applications in the QRadar application framework.

Answer: B

NEW QUESTION 6
Which default Dashboard shows QRadar error messages?

• A. Network Overview
• B. System Monitoring
• C. Application Overview
• D. Threat and Security Monitoring

Answer: B

NEW QUESTION 7
Which QRadar Apps integrate with the User Behaviour Analytics App to enhance its detection capabilities?

• A. QRadar Risk Manager and QRadar Network Security
• B. QRadar Machine Learning App and Reference Data Import - LDAP
• C. QRadar Asset Profiler App and Palo Alto Networks App for QRadar
• D. QRadar Incident Remediation App and QRadar Artificial Analysis App

Answer: C

NEW QUESTION 8
How can assets be used to help in investigations?

• A. As valuable data sources.
• B. Make searching for offenses easier.
• C. Help connect an offense to a device.
• D. Provide external threat intelligence.

Answer: D

NEW QUESTION 9
Organizations have too many vulnerabilities to remediate and need to focus on the ones that represent the highest risks.
Which question should the prospect be asked to start a conversation on this topic?

• A. Do you currently use a vulnerability scanner?
• B. Can you show me the server room to see the physical security measures?
• C. Do you like the reports you get out of your current Vulnerability Assessment tool?
• D. How do you currently patch vulnerabilities that are most likely to be exploited first?

Answer: A

NEW QUESTION 10
Which categorizes a threat to a type of attack?

• A. Sniffin
• B. Interruption
• C. SQL injection, Interception
• D. Man in the middle, Fabrication
• E. Denial of Service, Modification

Answer: B

NEW QUESTION 11
Which set of items will be checked by IBM before an App is published in the QRadar App Exchange?

• A. * Review the App name, version and description* Ensure there is a C&C channel to the App developer.* Run the App to see if it does anything useful.* Change the code so it will function in newer versions of QRadar.
• B. * Create a Java version of the App* Check for collisions between App page_scripts and QRadar functions.* Verify that the App does not log any information.* Change the code so it will function in newer versions of QRadar.
• C. * Review all APIcalls.* Ensure that there are no hard-coded values.* Run static analysis on any Python and Javascript code* Execute security tests
• D. * Automatically deploy/upgrade the App in all QRadar installations* Review the screen-shots and icons in the App.* minimize any App storage usage* Verify the App will create a dashboard widget.

Answer: B

NEW QUESTION 12
Assuming relevant indexing is enabled, which is the fastest way to search recent data in an ad-hoc manner?

• A. AQL
• B. Quick Filters
• C. Quick Searches
• D. Saved Searches

Answer: C

NEW QUESTION 13
How can QRadar Network Security improve security posture for companies? By using QRadar Network Security, companies can:

• A. implement an application firewall.
• B. perform event monitoring.
• C. perform vulnerability scanning to detect vulnerabilities.
• D. perform application contro
• E. SSL inspection, and disrupt advanced malware

Answer: A

NEW QUESTION 14
Besides a QRadar Console, which additional types of appliance does a typical QRadar Incident Forensics deployment contain?
One or more QRadar Incident Forensics appliances, and:

• A. one or more QRadar Event Collector appliances.
• B. one or more QRadar QFlow Collector appliances.
• C. one or more QRadar Vulnerability Scanner appliances
• D. one or more QRadar Network Packet Capture appliances

Answer: A

NEW QUESTION 15
Which is a valid use case for implementing QRadar reference data collections?

• A. Change all incoming events to add an additional field value.
• B. Provide an index for all data (events and flow data) in real time.
• C. Store hash values and test each incoming hash against this set
• D. Speed up dashboard functions due to caching common widget data sets

Answer: C

NEW QUESTION 16
What does QRadar Network Insight (QNI) create?

• A. An Offense from Events.
• B. A demilitarized zone from Apple Airport data.
• C. OSI Layer 7 packet from OSI Layer 3 flow information.
• D. IPFIX records with deep security content from SPAN or TAN port data.

Answer: C

NEW QUESTION 17
......