An administrator needs to import data into QRadar for a specific use case.
The data that has been provided to the administrator is stored in records that map a key to a value.
Which type of data collection must the administrator create?
A. Reference set
B. Reference map of sets
C. Reference map
D. Reference map of maps

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.
In which QRadar section can the administrator change this setting?
A. Admin / System settings
B. Admin / Password policy
C. Admin / Security profiles
D. Admin / Authentication

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?
A. /var/log/qradar.audit
B. /var/log/qradar.log
C. /var/log/setup-*/patches.log
D. /var/log/upgrade.log

An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts.
Which command can the administrator use to accomplish this?
A. /opt/qradar/support/all_servers.sh systemctl restart systemd-timedated.service
B. /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
C. /sbin/hwclock --systohc /opt/qradar/bin/time_sync.sh
D. /opt/qradar/support/all_servers.sh service ntpd restart

A QRadar user reported the following notification:
38750099 – The accumulator was unable to aggregate all events/flows for this interval
When does this message appear?
A. When the aggregate data view configuration that is in memory is unable to write data to the database
B. When the system is unable to accumulate data aggregations within 60 seconds
C. When aggregated data views are disabled
D. When search results are unable to return over 200 unique objects

An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.
What should the administrator do to complete the HA configuration?
A. Add the secondary console to the deployment, and then create the HA host.
B. Reinstall the QRadar software on the secondary console using an "HA Recovery Setup".
C. Select "Secondary Host" on the wizard when adding the secondary host to the deployment.
D. Create the HA host to add the secondary console to the deployment.

An administrator may be asked to collect diagnostic information on one of our main services, for example ecs-ec, using commands such as /opt/qradar/support/thredtop.sh and /opt/qradar/support/jmx.sh.
These commands collect thread and statistical information on the Services pipeline, queues and filters.
How would an administrator identify a list of JMX ports for each service?
A. grep JMXPORT /opt/qradar/init/*
B. grep JMXPORT /opt/qradar/systemd/env/*
C. grep JMXPORT /opt/qradar/system/bin/*
D. grep JMXPORT /opt/qradar/system/mem/*

After fixing the assets that contributed to the asset growth deviation, an administrator needs to find the asset artifacts that have to be cleaned up.
What action should the administrator take to find the artifacts?
A. On the "Log Activity" tab, run the "Deviating Asset Growth: Asset Report event search"
B. On the Admin Tab, select System Configuration --> Asset Profiler Configuration
C. Run the ./cleanAssets.sh --list command
D. On the Asset tab, run the "Clean Assets" action

An administrator needs to develop advanced filters to retrieve information from the QRadar System pertaining to the top abnormal events of the most bandwidth-intensive IP addresses.
How can the administrator do this?
A. Build an AQL query using the QRadar Scratchpad
B. Combine GROUP BY and ORDER BY clauses in a single query
C. Use the IBM DataStudio to create the query
D. Build an AQL query using the QRadar GUI using Assets > Search Filter

An administrator installed a new App Host and would like to move the existing applications from the Console to the App Host.
What steps should be performed?
A. Admin Tab > Extension Management > Click to change where apps are run
B. Admin Tab > System Settings > Move apps
C. Admin Tab > Extension Management > Move apps
D. Admin Tab > System and License Management > Click to change where apps are run