An administrator needs to import data into QRadar for a specific use case.
The data that has been provided to the administrator is stored in records that map a key to a value.
Which type of data collection must the administrator create?
A. Reference set
B. Reference map of sets
C. Reference map
D. Reference map of maps

An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?
A. QRadar Event Collector
B. QRadar Console
C. Magistrate
D. QRadar Event Processor

An administrator is seeing the following system notification:
38750057 – A protocol source configuration may be stopping events from being collected.
What is a valid user action for this issue?
A. Re-install the QRadar Console
B. Review the /var/log/qradar.log file for more information
C. Restart the QRadar Console
D. Review the /var/log/error.log file for more information

An administrator plans to deploy multiple log sources that share a common configuration.
How many log sources can be added at one time?
A. 1000
B. 750
C. 250
D. 500

An administrator may be asked to collect diagnostic information on one of the main services, for example ecs-ec, using commands such as:
/opt/qradar/support/threadTop.sh
/opt/qradar/support/jmx.sh
These commands collect thread and statistical information on the Services pipeline, queues and filters.
How would an administrator identify a list of jmx ports for each service?
A. grep JMXPORT /opt/qradar/init/*
B. grep JMXPORT /opt/qradar/systemd/env/*
C. grep JMXPORT /opt/qradar/system/bin/*
D. grep JMXPORT /opt/qradar/system/mem/*

An administrator modified a configuration setting in the Global System Notifications using the QRadar Console Admin tab.
What is the last step to apply changes?
A. Reload Web Server
B. Restart Services
C. Re-login to QRadar console
D. Deploy Changes

An administrator needs to combine multiple extraction and calculation-based properties into a single property.
Which Ariel Query Language (AQL) statement can be used?
A. AQL-based custom properties
B. AQL functions and SELECT, FROM, or database names
C. AQL functions and AQL-based custom properties
D. AQL functions

A company has several appliances and the administrator needs to copy a file to all appliances to run some tests to verify the integrity of the processes. The /opt/qradar/support/all_servers.sh script can be used to issue commands to all QRadar appliances within the deployment.
What option must be used with the script to copy the file to all appliances in the deployment?
A. /opt/qradar/support/all_servers.sh -p
B. /opt/qradar/support/all_servers.sh -k
C. /opt/qradar/support/all_servers.sh -C
D. /opt/qradar/support/all_servers.sh -g

A QRadar upgrade is planned and a maintenance window is scheduled. The administrator must stage the FIXPACK from IBM Fix Central.
Which QRadar FIXPACK file type must the administrator download?
A. RPM
B. IMG
C. SFS
D. XFS

An administrator installed a new App Host and would like to move the existing applications from the Console to the App Host.
What steps should be performed?
A. Admin Tab > Extension Management > Click to change where apps are run
B. Admin Tab > System Settings > Move apps
C. Admin Tab > Extension Management > Move apps
D. Admin Tab > System and License Management > Click to change where apps are run