Certbus > IBM > IBM Certifications > C1000-026 > C1000-026 Online Practice Questions and Answers

C1000-026 Online Practice Questions and Answers

Questions 4

An administrator needs to import data into QRadar for a specific use case.

The data that has been provided to the administrator is stored in records that map a key to a value.

Which type of data collection must the administrator create?

A. Reference set

B. Reference map of sets

C. Reference map

D. Reference map of maps

Browse 60 Q&As
Questions 5

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.

Which commands can be used to verify the crossover status? (Choose two.)

A. /opt/qradar/ha/bin/ha_getstate.sh

B. /opt/qradar/ha/bin/getStatus crossover

C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status

D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr status

E. /opt/qradar/ha/bin/ha cstate

F. cat /proc/drbd

Browse 60 Q&As
Questions 6

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.

In which QRadar section can the administrator change this setting?

A. Admin / System settings

B. Admin / Password policy

C. Admin / Security profiles

D. Admin / Authentication

Browse 60 Q&As
Questions 7

How many default dashboards does QRadar have?

A. 4

B. 5

C. 7

D. 6

Browse 60 Q&As
Questions 8

An administrator needs to upgrade their QRadar environment. The administrator has downloaded the Patchupdate File from Fixcentral and transferred this Image to the Appliance.

Which commands does the administrator need to run to start the upgrade process?

A. 1. cd/medial/updates

2.

systemctl stop Qradar

3.

Qradar.sh upgrade all

4.

systemctl reboot

B. 1. mount –o loop –t squashfs XX_patchupdate.sfs /media/updates

2.

cd /media/updates

3.

/installer

C. 1. cd /media/updates

2. yum update XX_patchupdate.sfs

D. 1. patch XX_patchupdate.sfs

Browse 60 Q&As
Questions 9

An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:

1.

Selected Last Hour in the view option.

2.

In the Add filter window, selected the search parameter Custom Rule [Indexed].

3.

Selected Equals for Operator.

4.

Selected Authentication for Rule Group.

What is the next step the administrator needs to perform for the Rule option?

A. Select login failures followed by success to the same username

B. Select multiple login failures from the same source

C. Select multiple login failures to the same destination

D. Select multiple login failures for a single username

Browse 60 Q&As
Questions 10

An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching "policy ID" of the IDS.

Which type of property must the administrator create?

A. Custom event property

B. Custom flow property

C. Custom asset property

D. Normalized event property

Browse 60 Q&As
Questions 11

What is a reason for restarting hostcontext service in QRadar?

A. A new user was created and it needs to be replicated

B. A new network hierarchy was uploaded

C. A new app was installed

D. The host is not responding to deploy requests

Browse 60 Q&As
Questions 12

An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.

What should the administrator do to complete the HA configuration?

A. Add the secondary console to the deployment, and then create the HA host.

B. Reinstall the QRadar software on the secondary console using an "HA Recovery Setup".

C. Select "Secondary Host" on the wizard when adding the secondary host to the deployment.

D. Create the HA host to add the secondary console to the deployment.

Browse 60 Q&As
Questions 13

An administrator may be asked to collect diagnostic information on one of our main services. For example, ecs-ec.

Commands such as: /opt/qradar/support/thredtop.sh /opt/qradar/support/jmx.sh

These commands collect thread and statistical information on the Services pipeline, queues and filters.

How would an administrator identify a list of jmx ports for each service?

A. grep JMXPORT /opt/qradar/init/*

B. grep JMXPORT /opt/qradar/systemd/env/*

C. grep JMXPORT /opt/qradar/system/bin/*

D. grep JMXPORT /opt/qradar/system/mem/*

Browse 60 Q&As
Questions 14

After fixing the assets that contributed to the asset growth deviation, an administrator needs to find the asset artifacts that have to be cleaned up.

What action should the administrator take to find the artifacts?

A. On the "Log Activity" tab, run the "Deviating Asset Growth: Asset Report event search"

B. On the Admin Tab, select System Configuration --> Asset Profiler Configuration

C. Run the ./cleanAssets.sh --list command

D. On the Asset tab, run the "Clean Assets" action

Browse 60 Q&As
Questions 15

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module (DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message appears.

An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem persists, please contact customer support for assistance.

What action should the administrator take to troubleshoot this issue? (Choose two.)

A. systemctl restart snmpd

B. systemctl restart iptables

C. systemctl restart ecs-ep

D. systemctl start tomcat

E. systemctl restart httpd

F. Clear browser cache

Browse 60 Q&As
Questions 16

An administrator needs to save the nightly QRadar backups on a network storage.

The administrator has established the connection to the network storage.

What should the administrator do next?

A. Change the Backup Repository Path to the network storage location using the Backup Recovery Configuration window.

B. Change the Backup Repository Path by adding a new Network Activity Rule.

C. Change the Backup Repository Path to the network storage location using the System Settings window.

D. Configure the new network storage using the Assets Manager

Browse 60 Q&As
Questions 17

An administrator enters the QRadar web console into a web browser but does not get a response. Which process is responsible for the QRadar GUI?

A. tomcat

B. consoled

C. magistrated

D. guid

Browse 60 Q&As
Questions 18

An administrator would like to extend the functionality of QRadar using an external application.

Which file format is supported to successfully upload an application from the QRadar Console?

A. .zip

B. .tgz

C. .sh

D. .exe

Browse 60 Q&As
Exam Code: C1000-026
Exam Name: IBM Security QRadar SIEM V7.3.2 Fundamental Administration
Last Update: Mar 16, 2025
Questions: 60 Q&As

PDF

$49.99

VCE

$55.99

PDF + VCE

$65.99