IBM C1000-026 Exam Questions Instant Access

Question 1

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days.

In which QRadar section can the administrator find the asset retention settings?

AAdmin Tab / Asset Retention

BAssets Tab / Retention settings

CAdmin Tab / System settings

DAssets Tab / Asset Retention

Answer : C

t_qradar_adm_asset_tuning_ip_retention.html

Question 2

An administrator needs to know if a custom rule is being correlated correctly.

Which QRadar component is responsible for this process?

AQRadar Event Collector

BQRadar Console

CMagistrate

DQRadar Event Processor

Answer : D

Question 3

A QRadar upgrade is planned and a maintenance window is scheduled. The administrator must stage the

FIXPACK from IBM Fix Central.

Which QRadar FIXPACK file type must the administrator download?

ARPM

BIMG

CSFS

DXFS

Answer : C

20Security&product=ibm/Other+software/IBM+QRadar+Network

+Insights&release=7.3.0&platform=Linux&function=all

Question 4

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

ALog Only (exclude Analytics)

BDelete data When storage space is required

CBypass Correlation

DDelete data immediately after the retention period has expired

Answer : A

t_qradar_adm_data_store.html

Question 5

An administrator needs to add the following networks to a QRadar network hierarchy as a single Classless

Inter-Domain Routin (CIDR) range:

192.168.64.0/24

192.168.65.0/24

192.168.66.0/24

192.168.67.0/24

What is the correct supernet for these subnets?

ANetwork 192.168.66.0 with subnet mask 255.255.252.0

BNetwork 192.168.64.0 with subnet mask 255.255.252.0

CNetwork 192.168.64.0 with subnet mask 255.255.255.0

DNetwork 192.168.66.0 with subnet mask 255.255.252.0

Answer : B

Question 6

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.

In which QRadar section can the administrator change this setting?

AAdmin / System settings

BAdmin / Password policy

CAdmin / Security profiles

DAdmin / Authentication

Answer : B

alps_configuring_admin_settings.htm

Question 7

An administrator is seeing the following system notification:

38750057 -- A protocol source configuration may be stopping events from being collected.

What is a valid user action to this issue?

ARe-install the QRadar Console

BReview the /var/log/qradar.log file for more information

CRestart the QRadar Console

DReview the /var/log/error.log file for more information

Answer : D

com.ibm.qradar.doc/38750057.html

IBM Security QRadar SIEM V7.3.2 Fundamental Administration C1000-026 Exam Questions