C1000-026 IBM Security QRadar SIEM V7.3.2 Fundamental Administration


Question 1

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a “context” keyword:

May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

Which options assign the “contextA” logs to Domain A and the “contextB” logs to Domain B? (Choose two.)

  • Create a single log source, create a “Context” custom event property, and assign the log to both domains using a custom rule.

  • Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.

  • Create a single log source, create a “Context” custom event property, and assign the log to the correct domain using custom event property value.

  • Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.

  • Create a single log source, create a “Context” custom event property, and assign the log to the correct domain using a custom rule.

Question 2

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.

Which commands can be used to verify the crossover status? (Choose two.)

  • /opt/qradar/ha/bin/ha_getstate.sh

  • /opt/qradar/ha/bin/getStatus crossover

  • /opt/qradar/ha/bin/qradar_nettune.pl crossover status

  • /opt/qradar/ha/bin/qradar_nettune.pl linkaggr status

  • /opt/qradar/ha/bin/ha cstate

  • cat /proc/drbd

Question 3

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module (DSM), a protocol, or Vulnerability Information Services (VIS) components, the following error message appears.

An error has occurred. Refresh your browser (press F5) and attempt the action again. If the problem persists, please contact customer support for assistance.

What actions should the administrator take to troubleshoot this issue? (Choose two.)

  • systemctl restart snmpd

  • systemctl restart iptables

  • systemctl restart ecs-ep

  • systemctl start tomcat

  • systemctl restart httpd

  • Clear browser cache