
IBM C1000-026 IBM Security QRadar SIEM V7.3.2 Fundamental Administration Exam Practice Test

Demo: 9 questions
Total 60 questions

IBM Security QRadar SIEM V7.3.2 Fundamental Administration Questions and Answers

Question 1

An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation.

How can the administrator tune the configuration of the Asset Profiler?

Options:

A. In the System Configuration section of the Admin, access the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

B. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

C. On the navigation menu, click Admin, click the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

D. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

Question 2

An administrator has been tasked to run all health checks at once using the DrQ command before a major event happens, such as an upgrade.

What does the DrQ command do?

Options:

A. It runs all available checks in /opt/ibm/si/diagnostiq with the checkup mode and with the summary output mode.

B. It shows all the available drives on the QRadar managed host.

C. It runs all available checks in /opt/ibm/si/diagnostiq and writes the results in a txt file.

D. It checks all the available drives on the QRadar managed host and writes the results on a txt file.

Question 3

An administrator would like to extend the functionality of QRadar using an external application.

Which file format is supported to successfully upload an application from the QRadar Console?

Options:

A. .zip

B. .tgz

C. .sh

D. .exe

Question 4

An administrator needs to combine multiple extraction and calculation-based properties into a single property.

Which Ariel Query Language (AQL) statement can be used?

Options:

A. AQL-based custom properties

B. AQL functions and SELECT, FROM, or database names

C. AQL functions and AQL-based custom properties

D. AQL functions

Question 5

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.

In which QRadar section can the administrator change this setting?

Options:

A. Admin / System settings

B. Admin / Password policy

C. Admin / Security profiles

D. Admin / Authentication

Question 6

Which of the following dashboards is a QRadar default Dashboard?

Options:

A. Compliance and Reporting Monitoring

B. Vulnerability Overview

C. Monitoring Overview

D. Threat and Security Monitoring

Question 7

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

Options:

A. Log Only (exclude Analytics)

B. Delete data when storage space is required

C. Bypass Correlation

D. Delete data immediately after the retention period has expired

Question 8

An administrator wants to have all QRadar apps running on a new App Host that was configured to have dedicated CPU, storage and memory resources for the Apps. Several issues were presented during the installation of the App Host.

To troubleshoot, what should the administrator check?

Options:

A. If the completion of the /opt/qradar/check_app_host.sh script was successful

B. If port 5000 is opened on the console

C. If an IP table entry was already created to allow traffic from the App Host IP

D. If IP tables are disabled on the console

Question 9

A company has two different domains in their IBM QRadar system: Domain_A and Domain_B. An administrator has been tasked to create a rule to look only at events that are tagged with Domain_A and ignore rules that are tagged with the other domains.

What domain text should the administrator use to create this rule?

Options:

A. is from domain: Domain_A

B. from domain: Domain_A

C. domain is: Domain_A

D. domain is one of: Domain_A
