IBM C1000-026 Exam Questions Instant Access

Question 1

An administrator needs data backup.

What information is contained in the data backup?

AAudit log information, Event data, Flow data, Report data, Indexes, Log sources

BAudit log information, Event data, Indexes, Index management information, Flow data, Report data

CAudit log information, Event data, Flow data, Report data, Indexes

DAudit log information, Event data, Indexes, Index management information, Flow data, Report data, Groups

Answer : C

c_qradar_adm_man_back_recovery.html

Question 2

An administrator needs to import data into QRadar for a specific use case.

The data that has been provided to the administrator is stored in records that map a key to a value.

Which type of data collection must the administrator create?

AReference set

BReference map of sets

CReference map

DReference map of maps

Answer : B

t_qradar_conifig_rul_resp_reference_set.html

Question 3

An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation.

How can the administrator tune the configuration of the Asset Profiler?

AIn the System Configuration section of the Admin, access the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

BIn the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

COn the navigation menu, click Admin, click the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

DIn the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

Answer : B

t_qradar_adm_asset_tuning_ip_retention.html

Question 4

An administrator needs to develop advanced filters to retrieve information from the QRadar System pertaining

to the top abnormal events of the most bandwidth-intensive IP addresses.

How can the administrator do this?

ABuild an AQL query using the QRadar Scratchpad

BCombine GROUP BY and ORDER BY clauses in a single query

CUse the IBM DataStudio to create the query

DBuild an AQL query using the QRadar GUI using Assets > Search Filter

Answer : B

b_qradar_aql.pdf (21)

Question 5

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module

(DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message

appears.

An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem

persists, please contact customer support for assistance.

What action should the administrator take to troubleshoot this issue? (Choose two.)

Asystemctl restart snmpd

Bsystemctl restart iptables

Csystemctl restart ecs-ep

Dsystemctl start tomcat

Esystemctl restart httpd

FClear browser cache

Answer : D, F

t_QRadar_Troubleshooting_guide_PurgeFiles.html

Question 6

An administrator needs to import a list of HR staff logins into a reference set.

Which file type can be used with the import function in the reference set editor window?

Axml

Bcsv

Cxls

Djson

Answer : B

c_qradar_adm_refdata_ui.html

Question 7

An administrator has been tasked to run all health checks at once using the DrQ command before a major

event happens, such as an upgrade.

What does the DrQ command do?

AIt runs all available checks in /opt/ibm/si/diagnostiq with the checkup mode and with the summary output
mode.

BIt shows all the available drives on the QRadar managed host.

CIt runs all available checks in /opt/ibm/si/diagnostiq and writes the results in a txt file.

DIt checks all the available drives on the QRadar managed host and writes the results on a txt file.

Answer : A

t_drq_running_health_checks.html

IBM Security QRadar SIEM V7.3.2 Fundamental Administration C1000-026 Exam Questions