IBM C1000-026 Exam Practice Test Instant Access

Question 1

An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation.

How can the administrator tune the configuration of the Asset Profiler?

AIn the System Configuration section of the Admin, access the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

BIn the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

COn the navigation menu, click Admin, click the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

DIn the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

Answer : B

t_qradar_adm_asset_tuning_ip_retention.html

Question 2

An administrator would like to add a new managed host which uses an existing Network Address Translation (NAT).

Which parameters have to be provided if ''Host is NATed'' is chosen while adding a managed host?

ASelect Network Attached Telemetric, Enter MAC address of the server or appliance to add

BSelect NATed network, Enter public IP of the server or appliance to add

CSelect NATed network, Enter MAC address of the server or appliance to add

DSelect Network Attached Telemetric, Enter public IP of the server or appliance to add

Answer : B

sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=2ahUKEwihsu3Li5XmAhVYwAIHHeCLDtoQFjAAegQIBhAC

&url=https%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fcommunity%2Fforums%2Fajax%2Fdownload

%2Fd5b20a5b-11bd-4a1d-b294-08ec138eb0e1%2F9d086dd8-eee9-4cbd-912d-26059ffdd0ca%

2FQRadar_721_AdminGuide.pdf&usg=AOvVaw1GO4OmOjWV7uiyCLrdE0FV

Question 3

What happens if QRadar receives events at a higher rate than the license allows?

AThe events will be put into queues

BThe source system will be asked to resend the events later

CThe events will not be parsed

DThe events will be dropped immediately

Answer : A

Question 4

An administrator enters the QRadar web console into a web browser but does not get a response.

Which process is responsible for the QRadar GUI?

Atomcat

Bconsoled

Cmagistrated

Dguid

Answer : A

Question 5

An administrator needs to develop advanced filters to retrieve information from the QRadar System pertaining

to the top abnormal events of the most bandwidth-intensive IP addresses.

How can the administrator do this?

ABuild an AQL query using the QRadar Scratchpad

BCombine GROUP BY and ORDER BY clauses in a single query

CUse the IBM DataStudio to create the query

DBuild an AQL query using the QRadar GUI using Assets > Search Filter

Answer : B

b_qradar_aql.pdf (21)

Question 6

An administrator needs to import a list of HR staff logins into a reference set.

Which file type can be used with the import function in the reference set editor window?

Axml

Bcsv

Cxls

Djson

Answer : B

c_qradar_adm_refdata_ui.html

Question 7

An administrator is seeing the following system notification:

38750057 -- A protocol source configuration may be stopping events from being collected.

What is a valid user action to this issue?

ARe-install the QRadar Console

BReview the /var/log/qradar.log file for more information

CRestart the QRadar Console

DReview the /var/log/error.log file for more information

Answer : D

com.ibm.qradar.doc/38750057.html

IBM C1000-026 IBM Security QRadar SIEM V7.3.2 Fundamental Administration Exam Practice Test