IBM C1000-026 시험

Question No : 1

An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.
What should the administrator do to complete the HA configuration?

• A.Add the secondary console to the deployment, and then create the HA host.
• B.Reinstall the QRadar software on the secondary console using an “HA Recovery Setup”.
• C.Select “Secondary Host” on the wizard when adding the secondary host to the deployment.
• D.Create the HA host to add the secondary console to the deployment.

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.1/com.ibm.qradar.doc/ b_qradar_ha_guide.pdf

Question No : 2

A QRadar user reported the following notification:
38750099 C The accumulator was unable to aggregate all events/flows for this interval
When does this message appear?

• A.When the aggregate data view configuration that is in memory is unable to write data to the database
• B.When the system is unable to accumulate data aggregations within 60 seconds
• C.When aggregated data views are disabled
• D.When search results is unable to return over 200 unique objects

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc/38750099.html

Question No : 3

Which of the following dashboards is a QRadar default Dashboard?

• A.Compliance and Reporting Monitoring
• B.Vulnerability Overview
• C.Monitoring Overview
• D.Threat and Security Monitoring

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/c_qrm_default_dboard.html

Question No : 4

What is a reason for restarting hostcontext service in QRadar?

• A.A new user was created and it needs to be replicated
• B.A new network hierarchy was uploaded
• C.A new app was installed
• D.The host is not responding to deploy requests

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-restarting-hostcontext-q-switch

Question No : 5

A company has two different domains in their IBM QRadar system: Domain_A and Domain_B. An administrator has been tasked to create a rule to look only at events that are tagged with Domain_A and ignore rules that are tagged with the other domains.
What domain text should the administrator use to create this rule?

• A.is from domain: Domain_A
• B.from domain: Domain_A
• C.domain is: Domain_A
• D.domain is one of: Domain_A

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.qradar.doc/c_domain_specific_rules_offenses.html

Question No : 6

An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching “policy ID” of the IDS.
Which type of property must the administrator create?

• A.Custom event property
• B.Custom flow property
• C.Custom asset property
• D.Normalized event property

답을 확인하기

정답:

Question No : 7

Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?

• A.Select login failures followed by success to the same username
• B.Select multiple login failures from the same source
• C.Select multiple login failures to the same destination
• D.Select multiple login failures for a single username

답을 확인하기

정답:

Question No : 8

An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts.
Which command can the administrator use to accomplish this?

• A./opt/qradar/support/all_servers.sh systemctl restart systemd-timedated.service
• B./opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
• C./sbin/hwclock Csystohc /opt/qradar/bin/time_sync.sh
• D./opt/qradar/support/all_servers.sh service ntpd restart

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-configuring-ntp-settings-qradar-appliance

Question No : 9

yum update XX_patchupdate.sfs
D. 1. patch XX_patchupdate.sfs

답을 확인하기

정답: B

Question No : 10

How many default dashboards does QRadar have?

• A.4
• B.5
• C.7
• D.6

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.0/com.ibm.qradar.doc/c_qradar_customize_dboard.html

Question No : 11

An administrator has added a new Event Processor to a QRadar deployment.
How many events per second (EPS) are granted from the temporary license and how many days will those EPS last?

• A.10000 EPS for a 35 day period
• B.5000 EPS for a 45 day period
• C.10000 EPS for a 45 day period
• D.5000 EPS for a 35 day period

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.0/com.ibm.qradar.doc/c_qradar_adm_license_mgmt.html

Question No : 12

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?

• A./var/log/qradar.audit
• B./var/log/qradar.log
• C./var/log/setup-*/patches.log
• D./var/log/upgrade.log

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/pages/qradar-unable-run-patch-installer-and-update-exits­screen-terminating-message

Question No : 13

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.
In which QRadar section can the administrator change this setting?

• A.Admin / System settings
• B.Admin / Password policy
• C.Admin / Security profiles
• D.Admin / Authentication

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/en/SSHLHV_5.4.0/com.ibm.alps.doc/tasks/alps_configuring_admin_settings.htm

Question No : 14

168.67.0/24
What is the correct supernet for these subnets?

• A.Network 192.168.66.0 with subnet mask 255.255.252.0
• B.Network 192.168.64.0 with subnet mask 255.255.252.0
• C.Network 192.168.64.0 with subnet mask 255.255.255.0
• D.Network 192.168.66.0 with subnet mask 255.255.252.0

답을 확인하기

정답:

Question No : 15

An administrator plans to deploy multiple log sources that share a common configuration.
How many log sources can be added at one time?

• A.1000
• B.750
• C.250
• D.500

답을 확인하기

정답:
Explanation:
Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_logsource_bulkadd.html