IBM Security QRadar SIEM V7.3.2 Fundamental Administration (C1000-026) Free Practice Test

Question 1

An administrator needs to import data into QRadar for a specific use case.
The data that has been provided to the administrator is stored in records that map a key to a value.
Which type of data collection must the administrator create?

A. Reference map of maps

B. Reference set

C. Reference map of sets

D. Reference map

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

An administrator needs to combine multiple extraction and calculation-based properties into a single property.
Which Ariel Query Language (AQL) statement can be used?

A. AQL-based custom properties

B. AQL functions and SELECT, FROM, or database names

C. AQL functions

D. AQL functions and AQL-based custom properties

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

What happens if QRadar receives events at a higher rate than the license allows?

A. The events will be dropped immediately

B. The events will not be parsed

C. The events will be put into queues

D. The source system will be asked to resend the events later

Correct Answer: C

Question 4

An administrator needs to know if a custom rule is being correlated correctly.
Which QRadar component is responsible for this process?

A. QRadar Console

B. Magistrate

C. QRadar Event Collector

D. QRadar Event Processor

Correct Answer: D

Question 5

An administrator logs in to the Offenses tab and finds a large number of new Offenses that need action.
What column in the list of Offenses should the administrator use to prioritize them?

A. Last Event/Flow

B. Source IPs

C. Offense Type

D. Magnitude

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.
Which commands can be used to verify the crossover status? (Choose two.)

A. /opt/qradar/ha/bin/ha cstate

B. /opt/qradar/ha/bin/qradar_nettune.pl crossover status

C. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface> status

D. /opt/qradar/ha/bin/getStatus crossover

E. cat /proc/drbd

F. /opt/qradar/ha/bin/ha_getstate.sh

Correct Answer: B,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation.
How can the administrator tune the configuration of the Asset Profiler?

A. On the navigation menu, click Admin, click the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

B. In the System Configuration section of the Admin, access the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

C. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.

D. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

IBM Security QRadar SIEM V7.3.2 Fundamental Administration (C1000-026) Free Practice Test