C1000-026 Exam Format | C1000-026 Course Contents | C1000-026 Course Outline | C1000-026 Exam Syllabus | C1000-026 Exam Objectives

Number of questions: 60

Number of questions to pass: 40

Time allowed: 90 mins

Status: Live



Section 1: Implementing 8%

Plan and design QRadar deployment.

Implement and install QRadar.

Add Managed Hosts.



Section 2: Migrating and upgrading 12%

Plan QRadar upgrade and migration.

Review documentation and release notes.

Perform QRadar updates, patches and upgrades.

Perform migration (e.g., backup and restore, import and export content).



Section 3: Configuring and administering tasks 42%

Configure event flow sources and custom properties.

Maintain configuration and data backups.

Create and administer users, user roles, and security profiles.

Manage the license per allocation.

Create, review and modify rules, building blocks and reference sets.

Configure and manage retention policies (i.e., data and assets).

Create and manage saved searches, index, global views, dashboards and reports.

Deploy and manage applications and content packages.

Configure global system notifications.

Configure and apply network hierarchy.

Configure and manage domain and tenants.

Use the asset database.

Schedule and run a VA scan.



Section 4: Monitoring 25%

Monitor QRadar Notifications and error messages.

Review and interpret system monitoring dashboards.

Verify QRadar processes and services.

Monitor QRadar performance.

Use apps and tools for monitoring (e.g., QDI, assistant app, incident overview, DrQ).

Check system maintenance and health of appliances.

Monitor offenses and detect anomalies.



Section 5: Troubleshooting 13%

Demonstrate knowledge of key commands to interpret QRadar services and processes.

Explain error messages and notifications.

Interpret the basic logs (e.g., qradar.error, qradar.log).

Use embedded troubleshooting tools and scripts.