Download IBM.C1000-026.ActualTests.2020-03-20.32q.vcex

File Info

Exam IBM Security QRadar SIEM V7.3.2 Fundamental Administration
Number C1000-026
File Name IBM.C1000-026.ActualTests.2020-03-20.32q.vcex
Size 24 KB
Posted Mar 20, 2020

Demo Questions

Question 1

An administrator needs to import data into QRadar for a specific use case. 
The data that has been provided to the administrator is stored in records that map a key to a value. 
Which type of data collection must the administrator create?


  A. Reference set
  B. Reference map of sets
  C. Reference map
  D. Reference map of maps
Correct answer: B
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_conifig_rul_resp_reference_set.html



Question 2

An administrator needs to know if a custom rule is being correlated correctly. 
Which QRadar component is responsible for this process?


  A. QRadar Event Collector
  B. QRadar Console
  C. Magistrate
  D. QRadar Event Processor
Correct answer: D
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-global-correlation



Question 3

An administrator needs to collect logs from the Command Line Interface (CLI). 
Which command should the administrator use?


  A. /opt/bin/qradar/support/get_logs.sh
  B. /opt/support/get_logs.sh
  C. /opt/support/qradar/get_logs.sh
  D. /opt/qradar/support/get_logs.sh
Correct answer: D
Explanation:
Reference: https://www.ibm.com/support/pages/getting-help-what-information-should-be-submitted-qradar-service-request



Question 4

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. 
In which QRadar section can the administrator find the asset retention settings?


  A. Admin Tab / Asset Retention
  B. Assets Tab / Retention settings
  C. Admin Tab / System settings
  D. Assets Tab / Asset Retention
Correct answer: C
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_asset_tuning_ip_retention.html



Question 5

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. 
Which commands can be used to verify the crossover status? (Choose two.)


  A. /opt/qradar/ha/bin/ha_getstate.sh
  B. /opt/qradar/ha/bin/getStatus crossover
  C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status
  D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface> status
  E. /opt/qradar/ha/bin/ha cstate
  F. cat /proc/drbd
Correct answer: CE
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-verifying-ha-crossover-connections-qradarnettunepl



Question 6

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?


  A. Log Only (exclude Analytics)
  B. Delete data when storage space is required
  C. Bypass Correlation
  D. Delete data immediately after the retention period has expired
Correct answer: A
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_data_store.html



Question 7

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a “context” keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the “contextA” logs to Domain A and the “contextB” logs to Domain B? (Choose two.)


  A. Create a single log source, create a “Context” custom event property, and assign the log to both domains using a custom rule.
  B. Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.
  C. Create a single log source, create a “Context” custom event property, and assign the log to the correct domain using custom event property value.
  D. Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.
  E. Create a single log source, create a “Context” custom event property, and assign the log to the correct domain using a custom rule.
Correct answer: BD



Question 8

An administrator plans to deploy multiple log sources that share a common configuration. 
How many log sources can be added at one time?


  A. 1000
  B. 750
  C. 250
  D. 500
Correct answer: D
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_logsource_bulkadd.html



Question 9

An administrator needs to add the following networks to a QRadar network hierarchy as a single Classless Inter-Domain Routing (CIDR) range:
192.168.64.0/24 
192.168.65.0/24 
192.168.66.0/24 
192.168.67.0/24 
What is the correct supernet for these subnets?


  A. Network 192.168.66.0 with subnet mask 255.255.252.0
  B. Network 192.168.64.0 with subnet mask 255.255.252.0
  C. Network 192.168.64.0 with subnet mask 255.255.255.0
  D. Network 192.168.66.0 with subnet mask 255.255.252.0
Correct answer: B



Question 10

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?


  A. /var/log/qradar.audit
  B. /var/log/qradar.log
  C. /var/log/setup-*/patches.log
  D. /var/log/upgrade.log
Correct answer: C
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-unable-run-patch-installer-and-update-exits-screen-terminating-message