Latest C1000-024 Practice Tests with Actual Questions

Get Complete pool of questions with Premium PDF and Test Engine

Exam Code : C1000-024
Exam Name : IBM Grid Scale Cloud Storage V2
Vendor Name : "IBM"






C1000-026 Dumps

C1000-026 Braindumps C1000-026 Real Questions C1000-026 Practice Test C1000-026 Actual Questions


killexams.com


IBM


C1000-026


IBM Security QRadar SIEM V7.3.2 Fundamental Administration


https://killexams.com/pass4sure/exam-detail/C1000-026


Question: 53


An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a "context" keyword:

May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34;

service: 53; protocol: udp; May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp; Which options assign the "contextA" logs to DomainA and the "contextB" logs to domain B? (Choose two.)

  1. Create a single log source, create a "Context" custom event property, and assign the log to both domains using a custom rule.

  2. Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.

  3. Create a single log source, create a "Context" custom event property, and assign the log to the correct domain using custom event property value.

  4. Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.

  5. Create a single log source, create a "Context" custom event property, and assign the log to the correct domain using a custom rule.




Answer: BD



Question: 54


Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

  1. Log Only (exclude Analytics)

  2. Delete data When storage space is required

  3. Bypass Correlation

  4. Delete data immediately after the retention period has expired




Answer: A


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_data_store.html


Question: 55


An administrator is seeing the following system notification:

38750057 – A protocol source configuration may be stopping events from being collected. What is a valid user action to this issue?

  1. Re-install the QRadar Console

  2. Review the /var/log/qradar.log file for more information

  3. Restart the QRadar Console

  4. Review the /var/log/error.log file for more information




Answer: D


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.0/com.ibm.qradar.doc/38750057.html


Question: 56


To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings?

  1. Admin Tab / Asset Retention

  2. Assets Tab / Retention settings

  3. Admin Tab / System settings

  4. Assets Tab / Asset Retention




Answer: C

Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_asset_tuning_ip_retention.html


Question: 57


A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.

Which commands can be used to verify the crossover status? (Choose two.)

  1. /opt/qradar/ha/bin/ha_getstate.sh

  2. /opt/qradar/ha/bin/getStatus crossover

  3. /opt/qradar/ha/bin/qradar_nettune.pl crossover status

  4. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface> status

  5. /opt/qradar/ha/bin/ha cstate

  6. cat /proc/drbd




Answer: CF


Reference: https://www.ibm.com/developerworks/community/forums/html/topic?id=5c01c198-016d-461b-a648-a87cdc445768


Question: 58


An administrator needs to import data into QRadar for a specific use case.

The data that has been provided to the administrator is stored in records that map a key to a value. Which type of data collection must the administrator create?

  1. Reference set

  2. Reference map of sets

  3. Reference map

  4. Reference map of maps




Answer: B


Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_conifig_rul_resp_reference_set.html


Question: 59


An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?

  1. QRadar Event Collector

  2. QRadar Console

  3. Magistrate

  4. QRadar Event Processor




Answer: D


Reference: https://www.ibm.com/support/pages/qradar-global-correlation


Question: 60


An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?

  1. /opt/bin/qradar/support/get_logs.sh

  2. /opt/support/get_logs.sh

  3. /opt/support/qradar/get_logs.sh

  4. /opt/qradar/support/get_logs.sh



Answer: D


Reference: https://www.ibm.com/support/pages/getting-help-what-information-should-be-submitted-qradar-service-request