IBM C1000-026 Exam Questions

Question 6 of 60

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

A.

Log Only (exclude Analytics)

B.

Delete data When storage space is required

C.

Bypass Correlation

D.

Delete data immediately after the retention period has expired

Question 7 of 60

An administrator is seeing the following system notification:
38750057 `" A protocol source configuration may be stopping events from being collected.
What is a valid user action to this issue?

A.

Re-install the QRadar Console

B.

Review the /var/log/qradar.log file for more information

C.

Restart the QRadar Console

D.

Review the /var/log/error.log file for more information

Question 8 of 60

An administrator needs to import a list of HR staff logins into a reference set.
Which file type can be used with the import function in the reference set editor window?

A.

xml

B.

csv

C.

xls

D.

json

Question 9 of 60

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and
Domain B. While reviewing the following sample logs, the administrator notices a `context` keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the `contextA` logs to DomainA and the `contextB` logs to domain B? (Choose two.)

A.

Create a single log source, create a ג€Contextג€ custom event property, and assign the log to both domains using a custom rule.

B.

Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.

C.

Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using custom event property value.

D.

Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.

E.

Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using a custom rule.

Question 10 of 60

An administrator plans to deploy multiple log sources that share a common configuration.
How many log sources can be added at one time?

A.

1000

B.

750

C.

250

D.

500