C1000-026無料問題集「IBM Security QRadar SIEM V7.3.2 Fundamental Administration」

質問 1

An administrator needs to know if a custom rule is being correlated correctly.
Which QRadar component is responsible for this process?

（A）Magistrate

（B）QRadar Event Processor

（C）QRadar Event Collector

（D）QRadar Console

正解：B 解答を投票する

質問 2

An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:
1. Selected Last Hour in the view option.
2. In the Add filter window, selected the search parameter Custom Rule [Indexed].
3. Selected Equals for Operator.
4. Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?

（A）Select multiple login failures from the same source

（B）Select multiple login failures for a single username

（C）Select login failures followed by success to the same username

（D）Select multiple login failures to the same destination

正解：B 解答を投票する

質問 3

An administrator wants to have all QRadar apps running on a new App Host that was configured to have dedicated CPU, storage and memory resources for the Apps. Several issues were presented during the installation of the App Host.
To troubleshoot, what should the administrator check?

（A）If port 5000 is opened on the console

（B）If the completion of the /opt/qradar/check_app_host.sh script was successful

（C）If an IP table entry was already created to allow traffic from the App Host IP

（D）If IP tables are disabled on the console

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

An administrator needs to collect logs from the Command Line Interface (CLI).
Which command should the administrator use?

（A）/opt/support/qradar/get_logs.sh

（B）/opt/qradar/support/get_logs.sh

（C）/opt/bin/qradar/support/get_logs.sh

（D）/opt/support/get_logs.sh

正解：B 解答を投票する

質問 5

An administrator needs to upgrade their QRadar environment. The administrator has downloaded the Patchupdate File from Fixcentral and transferred this Image to the Appliance.
Which commands does the administrator need to run to start the upgrade process?

（A）1. mount -o loop -t squashfs XX_patchupdate.sfs /media/updates
2. cd /media/updates
3. /installer

（B）1. cd /media/updates
2. yum update XX_patchupdate.sfs

（C）1. cd/medial/updates
2. systemctl stop Qradar
3. Qradar.sh upgrade all
4. systemctl reboot

（D）1. patch XX_patchupdate.sfs

正解：A 解答を投票する

質問 6

An administrator needs to combine multiple extraction and calculation-based properties into a single property.
Which Ariel Query Language (AQL) statement can be used?

（A）AQL functions and AQL-based custom properties

（B）AQL-based custom properties

（C）AQL functions and SELECT, FROM, or database names

（D）AQL functions

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

C1000-026 無料問題集「IBM Security QRadar SIEM V7.3.2 Fundamental Administration」

弊社を連絡する

関連リンク

トップ試験