IBM C1000-026 Exam Practice Test Instant Access

Question 1

An administrator needs to know if a custom rule is being correlated correctly.

Which QRadar component is responsible for this process?

AQRadar Event Collector

BQRadar Console

CMagistrate

DQRadar Event Processor

Answer : D

Question 2

An administrator is seeing the following system notification:

38750057 -- A protocol source configuration may be stopping events from being collected.

What is a valid user action to this issue?

ARe-install the QRadar Console

BReview the /var/log/qradar.log file for more information

CRestart the QRadar Console

DReview the /var/log/error.log file for more information

Answer : D

com.ibm.qradar.doc/38750057.html

Question 3

What is the minimum memory in gigabyte (GB) required for a QRadar All-in-One Virtual 3199 appliance?

A128

B32

C24

D16

Answer : B

c_qradar_ha_vrt_ap_reqs.html

Question 4

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module

(DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message

appears.

An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem

persists, please contact customer support for assistance.

What action should the administrator take to troubleshoot this issue? (Choose two.)

Asystemctl restart snmpd

Bsystemctl restart iptables

Csystemctl restart ecs-ep

Dsystemctl start tomcat

Esystemctl restart httpd

FClear browser cache

Answer : D, F

t_QRadar_Troubleshooting_guide_PurgeFiles.html

Question 5

An administrator needs to import data into QRadar for a specific use case.

The data that has been provided to the administrator is stored in records that map a key to a value.

Which type of data collection must the administrator create?

AReference set

BReference map of sets

CReference map

DReference map of maps

Answer : B

t_qradar_conifig_rul_resp_reference_set.html

Question 6

An administrator has been tasked to run all health checks at once using the DrQ command before a major

event happens, such as an upgrade.

What does the DrQ command do?

AIt runs all available checks in /opt/ibm/si/diagnostiq with the checkup mode and with the summary output
mode.

BIt shows all the available drives on the QRadar managed host.

CIt runs all available checks in /opt/ibm/si/diagnostiq and writes the results in a txt file.

DIt checks all the available drives on the QRadar managed host and writes the results on a txt file.

Answer : A

t_drq_running_health_checks.html

Question 7

An administrator logs into the QRadar Console to review the stored backup files. There is an exclamation

mark beside some files.

What is the cause of this?

ACanceled backup files

BMissing backup files

CCorrupted backup files

DIncomplete backup files

Answer : B

IBM Security QRadar SIEM V7.3.2 Fundamental Administration C1000-026 Exam Practice Test