Free IBM Security QRadar SIEM V7.3.2 Fundamental Administration C1000-026 Exam Practice Test

How many default dashboards does QRadar have?

• 4
  
• 5
  
• 7
  
• 6
  

An administrator needs to add, delete and modify user accounts.When deleting a user, what dependency checks are carried out?

• Custom Rules, Historical Correlation Profiles, Security Profiles
  
• Custom Rules, Report and Search Criteria, Security Roles
  
• Custom Rules, Security Profiles, Report and Search Criteria
  
• Custom Rules, Report and Search Criteria, Historical Correlation Profiles
  

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossoverlink status between the primary and secondary hosts.Which commands can be used to verify the crossover status? (Choose two.)

• /opt/qradar/ha/bin/ha_getstate.sh
  
• /opt/qradar/ha/bin/getStatus crossover
  
• /opt/qradar/ha/bin/qradar_nettune.pl crossover status
  
• /opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface> status
  
• /opt/qradar/ha/bin/ha cstate
  
• cat /proc/drbd
  

An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regularexpression, the administrator wants to extract a specific part of the log showing the matching ''policy ID'' of theIDS.Which type of property must the administrator create?

• Custom event property
  
• Custom flow property
  
• Custom asset property
  
• Normalized event property
  

A custom rule is generating events reporting that a specific user is failing to login too many times in the last 5minutes. The administrator opens the event details to investigate the anomaly associated with the events butfinds that no Anomaly details pane is shown.What is the reason?The events were generated by:

• a Behavioral Detection Rule
  
• an Anomaly Detection Rule
  
• a Threshold Detection Rule
  
• a standard Custom Rule
  

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days.In which QRadar section can the administrator find the asset retention settings?

• Admin Tab / Asset Retention
  
• Assets Tab / Retention settings
  
• Admin Tab / System settings
  
• Assets Tab / Asset Retention
  

When troubleshooting issues with QRadar applications, which application Docker container log file can beused to get more information about the apps?

• /var/log/qradar.error
  
• /var/log/qradar.log
  
• /var/log/app.log
  
• /store/log/app.log
  

An administrator needs to upgrade their QRadar environment. The administrator has downloaded thePatchupdate File from Fixcentral and transferred this Image to the Appliance.Which commands does the administrator need to run to start the upgrade process?

• 1. cd/medial/updates
  2. systemctl stop Qradar
  3. Qradar.sh upgrade all
  4. systemctl reboot
  
• 1. mount --o loop --t squashfs XX_patchupdate.sfs /media/updates
  2. cd /media/updates
  3. /installer
  
• 1. cd /media/updates
  2. yum update XX_patchupdate.sfs
  
• 1. patch XX_patchupdate.sfs
  

Which event QID test is used to send an email as a rule response when disk usage reaches a threshold?

• (38750076) Disk Sentry Reached Warn threshold
  
• (38750076) Disk Sentry Disk Usage Exceeded Warning threshold levels
  
• (38750076) Disk Usage Exceeded Warn threshold
  
• (38750076) Disk Sentry Disk Usage Exceeded Warn threshold
  

An administrator has been tasked to run all health checks at once using the DrQ command before a majorevent happens, such as an upgrade.What does the DrQ command do?

• It runs all available checks in /opt/ibm/si/diagnostiq with the checkup mode and with the summary output
  mode.
  
• It shows all the available drives on the QRadar managed host.
  
• It runs all available checks in /opt/ibm/si/diagnostiq and writes the results in a txt file.
  
• It checks all the available drives on the QRadar managed host and writes the results on a txt file.