Exam C2150-614 topic 1 question 9 discussion

Actual exam question from IBM's C2150-614
Question #: 9
Topic #: 1

A client has configured a log source to forward events to IBM Security QRadar SIEM V7.2.7. The DSM Guide recommends configuring the log source at the notice level, but the client has a policy to log all events at a debug level.
The Deployment Professional notices that the configured DSM is parsing most events, but some are being labeled as stored. The client is very interested in correlating some of the events that are being stored.
What should be created to meet this client's goal?

  • A. Custom flow property
  • B. Custom event property
  • C. Custom DSM for parsing overrule
  • D. Custom DSM for parsing enhancement
Suggested Answer: D
Parsing Enhancement - When the DSM is unable to parse correctly and the event is categorized as stored, the selected log source extension extends the failing parsing by creating a new event as if the new event came from the DSM.
References: IBM Security QRadar SIEM Version 7.1.0 MR1, Log Sources User Guide, page 6
