An administrator needs to import data into QRadar for a specific use case.
The data that has been provided to the administrator is stored in records that map a key to a value.
Which type of data collection must the administrator create?
A. Reference set
B. Reference map of sets
C. Reference map
D. Reference map of maps
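To make the choice of collection type concrete, here is an added example in Python (not from the original page or from IBM): it inspects the shape of a dataset, picks the matching reference-data collection type, and assembles the bulk-load REST request for it. The resource paths under /api/reference_data/ are the author's assumption about the QRadar REST API; confirm them in the interactive API documentation on your Console before use.

```python
"""Pick the QRadar reference-data collection that fits a dataset and build
the bulk-load REST request for it.

Added example, not from the original page or from IBM. The resource paths
under /api/reference_data/ are the author's assumption about the QRadar
REST API; confirm them in the interactive API documentation on the Console.
"""
import json
from collections.abc import Mapping, Sequence, Set

# Assumed REST resource names (verify on your Console before use).
BULK_LOAD_PATH = {
    "SET": "/api/reference_data/sets/bulk_load/{name}",
    "MAP": "/api/reference_data/maps/bulk_load/{name}",
    "MAP_OF_SETS": "/api/reference_data/map_of_sets/bulk_load/{name}",
    "MAP_OF_MAPS": "/api/reference_data/map_of_maps/bulk_load/{name}",
}


def _is_scalar(value):
    return isinstance(value, (str, int, float)) and not isinstance(value, bool)


def _is_collection(value):
    return isinstance(value, (Sequence, Set)) and not isinstance(value, (str, bytes))


def choose_reference_type(data):
    """Return SET, MAP, MAP_OF_SETS or MAP_OF_MAPS for the shape of `data`.

    A flat list of values is a reference set; key -> one value is a
    reference map; key -> several values is a map of sets; key -> (key ->
    value) is a map of maps. Mixed shapes raise instead of guessing.
    """
    if _is_collection(data):
        if data and all(_is_scalar(v) for v in data):
            return "SET"
        raise ValueError("a reference set holds a non-empty list of scalar values")
    if not isinstance(data, Mapping) or not data:
        raise ValueError("expected a non-empty mapping or a list of values")
    values = list(data.values())
    if all(_is_scalar(v) for v in values):
        return "MAP"
    if all(_is_collection(v) and all(_is_scalar(x) for x in v) for v in values):
        return "MAP_OF_SETS"
    if all(isinstance(v, Mapping) and all(_is_scalar(x) for x in v.values()) for v in values):
        return "MAP_OF_MAPS"
    raise ValueError("mixed value shapes; split the data into separate collections")


def build_bulk_load(name, data):
    """Return (method, path, JSON body) for loading `data` into collection `name`."""
    kind = choose_reference_type(data)
    if kind == "SET":
        body = list(data)
    elif kind == "MAP_OF_SETS":
        body = {k: list(v) for k, v in data.items()}
    else:
        body = dict(data)
    return "POST", BULK_LOAD_PATH[kind].format(name=name), json.dumps(body)


if __name__ == "__main__":
    # Constructed key -> value records, as in the scenario above.
    records = {"jdoe": "engineering", "asmith": "finance"}
    method, path, body = build_bulk_load("user_department", records)
    print(method, path)
    print(body)
```

The request still needs the usual SEC token and Version headers when sent to the Console; the point of the example is the decision logic, which refuses mixed shapes rather than silently flattening them into the wrong collection type.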
A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.
Which commands can be used to verify the crossover status? (Choose two.)
A. /opt/qradar/ha/bin/ha_getstate.sh
B. /opt/qradar/ha/bin/getStatus crossover
C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status
D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr
E. /opt/qradar/ha/bin/ha cstate
F. cat /proc/drbd
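Whichever wrapper script is used to query HA state, the replication that runs over the crossover link is DRBD, and `/proc/drbd` is the status it exposes. The following Python is an added example, not from the page or from IBM: it parses DRBD 8 status text (both sample outputs are constructed) and reports whether the link is healthy, flagging the WFConnection, StandAlone and Inconsistent states a practitioner should recognise.

```python
"""Interpret /proc/drbd on a QRadar HA host.

Added example, not from the page or from IBM. Parses the DRBD 8 status text
that `cat /proc/drbd` prints and says whether replication over the
crossover link is healthy. The two samples below are constructed.
"""
import pathlib
import re

# Constructed sample of a healthy primary; real output has the same shape.
SAMPLE_OK = """\
version: 8.4.11-1 (api:1/proto:86-101)
 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r-----
    ns:1024 nr:0 dw:1024 dr:2048 al:1 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
"""

# Constructed sample: the peer is unreachable, so writes are no longer replicated.
SAMPLE_LINK_DOWN = """\
version: 8.4.11-1 (api:1/proto:86-101)
 0: cs:WFConnection ro:Primary/Unknown ds:UpToDate/DUnknown C r-----
    ns:0 nr:0 dw:4096 dr:0 al:3 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:4096
"""

_RES = re.compile(r"^\s*(\d+):\s+cs:(\S+)\s+ro:(\S+)/(\S+)\s+ds:(\S+)/(\S+)", re.M)
_OOS = re.compile(r"\boos:(\d+)")


def parse_drbd(text):
    """Return one dict per DRBD resource: connection state, roles, disk states, oos."""
    resources = []
    oos_values = _OOS.findall(text)
    for i, m in enumerate(_RES.finditer(text)):
        resources.append({
            "minor": int(m.group(1)),
            "cs": m.group(2),                 # connection state
            "ro": (m.group(3), m.group(4)),   # local/peer role
            "ds": (m.group(5), m.group(6)),   # local/peer disk state
            "oos": int(oos_values[i]) if i < len(oos_values) else None,  # KiB out of sync
        })
    return resources


def crossover_status(text):
    """Return (healthy, reason). Healthy means Connected with both disks UpToDate."""
    resources = parse_drbd(text)
    if not resources:
        return False, "no DRBD resource found; is the drbd module loaded on this host?"
    for r in resources:
        if r["cs"] != "Connected":
            return False, f"resource {r['minor']}: connection state {r['cs']} (crossover link or peer down)"
        if r["ds"] != ("UpToDate", "UpToDate"):
            return False, f"resource {r['minor']}: disk states {r['ds'][0]}/{r['ds'][1]} (sync in progress or lost)"
        if r["oos"]:
            return False, f"resource {r['minor']}: {r['oos']} KiB out of sync"
    return True, "replication connected and up to date"


if __name__ == "__main__":
    proc = pathlib.Path("/proc/drbd")
    text = proc.read_text() if proc.exists() else SAMPLE_OK
    ok, why = crossover_status(text)
    print("OK" if ok else "DEGRADED", "-", why)
```

Run it on the primary during a planned crossover-cable or switch change: a transition from Connected to WFConnection, or a growing oos counter, is visible well before the HA wizard reports a failover.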
Due to regulatory constraints, an administrator must increase the minimum password length and complexity.
In which QRadar section can the administrator change this setting?
A. Admin / System settings
B. Admin / Password policy
C. Admin / Security profiles
D. Admin / Authentication
An administrator needs to upgrade their QRadar environment. The administrator has downloaded the patch update file from Fix Central and transferred this image to the appliance.
Which commands does the administrator need to run to start the upgrade process?
A. 1. cd /media/updates 2. systemctl stop Qradar 3. Qradar.sh upgrade all 4. systemctl reboot
B. 1. mount -o loop -t squashfs XX_patchupdate.sfs /media/updates 2. cd /media/updates 3. ./installer
C. 1. cd /media/updates 2. yum update XX_patchupdate.sfs
D. 1. patch XX_patchupdate.sfs
An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:
1. Selected Last Hour in the view option.
2. In the Add Filter window, selected the search parameter Custom Rule [Indexed].
3. Selected Equals for Operator.
4. Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?
A. Select login failures followed by success to the same username
B. Select multiple login failures from the same source
C. Select multiple login failures to the same destination
D. Select multiple login failures for a single username
An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching "policy ID" of the IDS.
Which type of property must the administrator create?
A. Custom event property
B. Custom flow property
C. Custom asset property
D. Normalized event property
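Before saving a regex-based property, it pays to run the expression over real payloads offline. The Python below is an added example (not from the page): the IDS syslog lines and the `policy_id=` field are constructed, and the regex is an assumption about that format. It mirrors what QRadar does with a regex property, keeping one capture group (group 1 by default) from the first match per event, and shows which sample events would produce no value.

```python
"""Prototype a regex for a QRadar custom event property before saving it.

Added example, not from the page. The IDS syslog lines below are
constructed and the policy_id= field is an assumed IDS format. QRadar
stores the selected capture group (group 1 by default) from the first
match, which is what extract_property reproduces.
"""
import re

# Constructed IDS payloads; the third carries no policy ID.
SAMPLE_EVENTS = [
    '<134>Mar 12 10:22:01 ids01 ids: ALERT policy_id=4471 sig="SQL injection attempt" src=10.1.2.3 dst=10.9.8.7 action=drop',
    '<134>Mar 12 10:22:05 ids01 ids: ALERT policy_id=88 sig="Port scan" src=10.1.2.9 dst=10.9.8.7 action=alert',
    '<134>Mar 12 10:22:09 ids01 ids: INFO heartbeat sensor=ids01 uptime=86400',
]

# Anchor on the field name so a similar token elsewhere (e.g. rule_id=) is not picked up.
POLICY_ID_REGEX = r"\bpolicy_id=(\d+)"


def extract_property(regex, payload, group=1):
    """Return the capture group for the first match, or None when nothing matches.

    Raises ValueError if the pattern has fewer capture groups than requested,
    since a regex property without a capture group stores nothing.
    """
    pattern = re.compile(regex)
    if pattern.groups < group:
        raise ValueError(f"pattern defines {pattern.groups} capture group(s), group {group} requested")
    match = pattern.search(payload)
    return match.group(group) if match else None


def check_regex(regex, payloads, group=1):
    """Run the regex over sample payloads; None marks events that would get no value."""
    return {i: extract_property(regex, p, group) for i, p in enumerate(payloads)}


if __name__ == "__main__":
    for idx, value in check_regex(POLICY_ID_REGEX, SAMPLE_EVENTS).items():
        print(f"event {idx}: policy_id={value!r}")
```

QRadar evaluates the pattern with Java's regex engine. Python's `re` agrees for the common constructs used here, but Java-only features such as possessive quantifiers will not translate, so keep the prototype to the shared subset.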
What is a reason for restarting hostcontext service in QRadar?
A. A new user was created and it needs to be replicated
B. A new network hierarchy was uploaded
C. A new app was installed
D. The host is not responding to deploy requests
An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.
What should the administrator do to complete the HA configuration?
A. Add the secondary console to the deployment, and then create the HA host.
B. Reinstall the QRadar software on the secondary console using an "HA Recovery Setup".
C. Select "Secondary Host" on the wizard when adding the secondary host to the deployment.
D. Create the HA host to add the secondary console to the deployment.
An administrator may be asked to collect diagnostic information on one of the main QRadar services, for example ecs-ec.
Commands such as /opt/qradar/support/threadTop.sh and /opt/qradar/support/jmx.sh collect thread and statistical information on the service's pipeline, queues and filters.
How would an administrator identify a list of JMX ports for each service?
A. grep JMXPORT /opt/qradar/init/*
B. grep JMXPORT /opt/qradar/systemd/env/*
C. grep JMXPORT /opt/qradar/system/bin/*
D. grep JMXPORT /opt/qradar/system/mem/*
After fixing the assets that contributed to the asset growth deviation, an administrator needs to find the asset artifacts that have to be cleaned up.
What action should the administrator take to find the artifacts?
A. On the "Log Activity" tab, run the "Deviating Asset Growth: Asset Report event search"
B. On the Admin Tab, select System Configuration --> Asset Profiler Configuration
C. Run the ./cleanAssets.sh --list command
D. On the Asset tab, run the "Clean Assets" action
When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module (DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message appears:
"An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem persists, please contact customer support for assistance."
What actions should the administrator take to troubleshoot this issue? (Choose two.)
A. systemctl restart snmpd
B. systemctl restart iptables
C. systemctl restart ecs-ep
D. systemctl start tomcat
E. systemctl restart httpd
F. Clear browser cache
An administrator needs to save the nightly QRadar backups on network storage.
The administrator has established the connection to the network storage.
What should the administrator do next?
A. Change the Backup Repository Path to the network storage location using the Backup Recovery Configuration window.
B. Change the Backup Repository Path by adding a new Network Activity Rule.
C. Change the Backup Repository Path to the network storage location using the System Settings window.
D. Configure the new network storage using the Assets Manager
An administrator enters the QRadar web console into a web browser but does not get a response. Which process is responsible for the QRadar GUI?
A. tomcat
B. consoled
C. magistrated
D. guid
An administrator would like to extend the functionality of QRadar using an external application.
Which file format is supported to successfully upload an application from the QRadar Console?
A. .zip
B. .tgz
C. .sh
D. .exe
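An added example (not from the page or from IBM's app framework) of what that .zip must contain: a Python routine that builds a minimal bundle with `manifest.json` at the archive root, and a checker that catches the usual upload failures (wrong archive type, manifest nested one directory too deep, missing or malformed manifest fields). The required manifest keys it checks (name, description, version, uuid) are the author's assumption from the app framework documentation; confirm them for your QRadar version.

```python
"""Build and sanity-check a QRadar app bundle before uploading it.

Added example, not from the page or from IBM's app framework. The Console
takes the app as a .zip with manifest.json at the archive root; the
required keys checked here are the author's assumption, so confirm them
against the app framework documentation for your QRadar version.
"""
import io
import json
import uuid
import zipfile

# Assumed required manifest keys (confirm for your version).
REQUIRED_MANIFEST_KEYS = ("name", "description", "version", "uuid")


def build_app_zip(name, version, files, manifest_overrides=None):
    """Return the bytes of a minimal app zip with manifest.json at the root.

    `files` maps archive paths (e.g. 'app/__init__.py') to contents;
    `manifest_overrides` lets a caller deliberately break the manifest to
    exercise the checker.
    """
    manifest = {
        "name": name,
        "description": f"{name} (constructed example app)",
        "version": version,
        "uuid": str(uuid.uuid4()),
    }
    manifest.update(manifest_overrides or {})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("manifest.json", json.dumps(manifest, indent=2))
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


def check_app_zip(data):
    """Return a list of problems; an empty list means the bundle looks uploadable."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not a zip archive; the Console uploads apps as .zip"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "manifest.json" not in names:
            nested = [n for n in names if n.endswith("/manifest.json")]
            if nested:
                # Classic mistake: zipping the app directory instead of its contents.
                return [f"manifest.json is nested at {nested[0]}; zip the directory contents, not the directory"]
            return ["manifest.json missing from archive root"]
        try:
            manifest = json.loads(zf.read("manifest.json"))
        except json.JSONDecodeError as exc:
            return [f"manifest.json is not valid JSON: {exc}"]
    problems = []
    for key in REQUIRED_MANIFEST_KEYS:
        if not manifest.get(key):
            problems.append(f"manifest.json missing required key {key!r}")
    if manifest.get("uuid"):
        try:
            uuid.UUID(str(manifest["uuid"]))
        except ValueError:
            problems.append("manifest.json uuid is not a valid UUID")
    return problems


if __name__ == "__main__":
    bundle = build_app_zip("demo_app", "1.0.0", {"app/__init__.py": ""})
    print("problems:", check_app_zip(bundle) or "none")
```

Run the checker on the archive you are about to upload; an empty result does not prove the app works, only that the bundle is in the shape the Console's upload step expects.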