Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home IBM C1000-026

IBM C1000-026 Exam Practice Questions (P. 4)

  • Full Access (60 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
An administrator needs to upgrade their QRadar environment. The administrator has downloaded the Patchupdate File from Fixcentral and transferred this Image to the Appliance.
Which commands does the administrator need to run to start the upgrade process?
  1. A
    1. cd/medial/updates 2. systemctl stop Qradar 3. Qradar.sh upgrade all 4. systemctl reboot
  2. B
    1. mount ג€"o loop ג€"t squashfs XX_patchupdate.sfs /media/updates 2. cd /media/updates 3. /installer
  3. C
    1. cd /media/updates 2. yum update XX_patchupdate.sfs
  4. D
    1. patch XX_patchupdate.sfs

Correct Answer:
B

Question #17
An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts.
Which command can the administrator use to accomplish this?
  1. A
    /opt/qradar/support/all_servers.sh systemctl restart systemd-timedated.service
  2. B
    /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
  3. C
    /sbin/hwclock ג€"systohc /opt/qradar/bin/time_sync.sh
  4. D
    /opt/qradar/support/all_servers.sh service ntpd restart

Correct Answer:
B
Reference:
https://www.ibm.com/support/pages/qradar-configuring-ntp-settings-qradar-appliance

Question #18
An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:
1. Selected Last Hour in the view option.
2. In the Add filter window, selected the search parameter Custom Rule [Indexed].
3. Selected Equals for Operator.
4. Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?
  1. A
    Select login failures followed by success to the same username
  2. B
    Select multiple login failures from the same source
  3. C
    Select multiple login failures to the same destination
  4. D
    Select multiple login failures for a single username

Correct Answer:
C

Question #19
An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching `policy ID` of the IDS.
Which type of property must the administrator create?
  1. A
    Custom event property
  2. B
    Custom flow property
  3. C
    Custom asset property
  4. D
    Normalized event property

Correct Answer:
D

Question #20
A company has two different domains in their IBM QRadar system: Domain_A and Domain_B. An administrator has been tasked to create a rule to look only at events that are tagged with Domain_A and ignore rules that are tagged with the other domains.
What domain text should the administrator use to create this rule?
  1. A
    is from domain: Domain_A
  2. B
    from domain: Domain_A
  3. C
    domain is: Domain_A
  4. D
    domain is one of: Domain_A

Correct Answer:
D
Reference:
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.qradar.doc/c_domain_specific_rules_offenses.html

Previous Questions Next Questions

All Pages