An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?
A. /opt/bin/qradar/support/get_logs.sh
B. /opt/support/get_logs.sh
C. /opt/support/qradar/get_logs.sh
D. /opt/qradar/support/get_logs.sh
An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a "context" keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the "contextA" logs to Domain A and the "contextB" logs to Domain B? (Choose two.)
A. Create a single log source, create a "Context" custom event property, and assign the log to both domains using a custom rule.
B. Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.
C. Create a single log source, create a "Context" custom event property, and assign the log to the correct domain using custom event property value.
D. Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.
E. Create a single log source, create a "Context" custom event property, and assign the log to the correct domain using a custom rule.
An administrator has added a new Event Processor to a QRadar deployment.
How many events per second (EPS) are granted from the temporary license and how many days will those EPS last?
A. 10000 EPS for a 35 day period
B. 5000 EPS for a 45 day period
C. 10000 EPS for a 45 day period
D. 5000 EPS for a 35 day period
Which app should be used for monitoring QRadar performance and health?
A. QRadar Deployment Intelligence
B. QRadar Monitoring Intelligence
C. QRadar Extension Management
D. QRadar Performance Overview
An administrator modified a configuration setting in the Global System Notifications using the QRadar Console Admin tab.
What is the last step to apply changes?
A. Reload Web Server
B. Restart Services
C. Re-login to QRadar console
D. Deploy Changes
An administrator wants to have all QRadar apps running on a new App Host that was configured with dedicated CPU, storage and memory resources for the apps. Several issues occurred during the installation of the App Host.
To troubleshoot, what should the administrator check?
A. If the completion of the /opt/qradar/check_app_host.sh script was successful
B. If port 5000 is opened on the console
C. If an IP table entry was already created to allow traffic from the App Host IP
D. If IP tables are disabled on the console
An administrator needs to combine multiple extraction and calculation-based properties into a single property.
Which Ariel Query Language (AQL) statement can be used?
A. AQL-based custom properties
B. AQL functions and SELECT, FROM, or database names
C. AQL functions and AQL-based custom properties
D. AQL functions
After fixing the assets that contributed to the asset growth deviation, an administrator needs to find the asset artifacts that have to be cleaned up.
What action should the administrator take to find the artifacts?
A. On the "Log Activity" tab, run the "Deviating Asset Growth: Asset Report event search"
B. On the Admin Tab, select System Configuration --> Asset Profiler Configuration
C. Run the ./cleanAssets.sh --list command
D. On the Asset tab, run the "Clean Assets" action
An administrator receives an expensive custom rule notification.
Which tool can now be enabled via the Advanced "System Settings" > Custom Rule Settings to help troubleshoot this?
A. Offense Analysis
B. Rule Analysis
C. Custom Rule Analysis
D. Performance Analysis