C1000-026

An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?A . QRadar Event CollectorB . QRadar ConsoleC . MagistrateD . QRadar Event ProcessorView AnswerAnswer: D Explanation: Reference: https://www.ibm.com/support/pages/qradar-global-correlation

An administrator plans to deploy multiple log sources that share a common configuration. How many log sources can be added at one time?A . 1000B . 750C . 250D . 500View AnswerAnswer: D Explanation: Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_logsource_bulkadd.html

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings?A . Admin Tab / Asset RetentionB . Assets Tab / Retention settingsC . Admin Tab / System settingsD . Assets Tab...

What is a reason for restarting hostcontext service in QRadar?A . A new user was created and it needs to be replicatedB . A new network hierarchy was uploadedC . A new app was installedD . The host is not responding to deploy requestsView AnswerAnswer: D Explanation: Reference: https://www.ibm.com/support/pages/qradar-restarting-hostcontext-q-switch

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. Which commands can be used to verify the crossover status? (Choose two.)A . /opt/qradar/ha/bin/ha_getstate.shB . /opt/qradar/ha/bin/getStatus crossoverC . /opt/qradar/ha/bin/qradar_nettune.pl crossover statusD . /opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface>...

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?A . /var/log/qradar.auditB . /var/log/qradar.logC . /var/log/setup-*/patches.logD . /var/log/upgrade.logView AnswerAnswer: C Explanation: Reference: https://www.ibm.com/support/pages/qradar-unable-run-patch-installer-and-update-exits­screen-terminating-message

DRAG DROP You need to design a data architecture to bring together all your data at any scale and provide insights into all your users through the use of analytical dashboards, operational reports, and advanced analytics. How should you complete the architecture? To answer, drag the appropriate Azure services to...

An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts. Which command can the administrator use to accomplish this?A . /opt/qradar/support/all_servers.sh systemctl restart...

Due to regulatory constraints, an administrator must increase the minimum password length and complexity. In which QRadar section can the administrator change this setting?A . Admin / System settingsB . Admin / Password policyC . Admin / Security profilesD . Admin / AuthenticationView AnswerAnswer: B Explanation: Reference: https://www.ibm.com/support/knowledgecenter/en/SSHLHV_5.4.0/com.ibm.alps.doc/tasks/alps_configuring_admin_settings.htm

An administrator plans to deploy multiple log sources that share a common configuration. How many log sources can be added at one time?A . 1000B . 750C . 250D . 500View AnswerAnswer: D Explanation: Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_logsource_bulkadd.html