C1000-026 Exam Questions

An administrator logs in to the Offenses tab and finds a large number of new Offenses that need action. What column in the list of Offenses should the administrator use to prioriti...

An administrator receives an expensive custom rule notification. Which tool can now be enabled via the Advanced `System Settings' ?Custom Rule Settings to help troubleshoot this?

An administrator enters the QRadar web console into a web browser but does not get a response. Which process is responsible for the QRadar GUI?

What happens if QRadar receives events at a higher rate than the license allows?

An administrator would like to add a new managed host which uses an existing Network Address Translation (NAT). Which parameters have to be provided if "Host is NATed" is chosen wh...

An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation. How can the administrator tune the configurati...

An administrator would like to extend the functionality of QRadar using an external application. Which file format is supported to successfully upload an application from the QRada...

An administrator needs to save a search to use it in the dashboards. To do so, which search feature does the administrator need to select in the "Include in my Dashboard" checkbox?

An administrator logs into the QRadar Console to review the stored backup files. There is an exclamation mark beside some files. What is the cause of this?

An administrator needs data backup. What information is contained in the data backup?

A QRadar upgrade is planned and a maintenance window is scheduled. The administrator must stage the FIXPACK from IBM Fix Central. Which QRadar FIXPACK file type must the administra...

An administrator installed a new App Host and would like to move the existing applications from the Console to the App Host. What steps should be performed?

An administrator needs to restore from backup the applications in QRadar. Which configuration item should the administrator select?

When troubleshooting issues with QRadar applications, which application Docker container log file can be used to get more information about the apps?

An ip_context_menu.xml plug-in was created to assist in finding additional details for selected lP addresses. Where must this file be placed so the plug-in can be used?

SCSI can be configured in a standard IBM Security Qradar SIEM V7.1 deployment or in a High Availability environment. The initiator name is used to identify the iSCSI device volume...

Which action must be performed prior to adding a new chart or table to a dashboard?

Where in the Admin tab are hashing algorithms turned on for events and flows?

An administrator needs to import data into QRadar for a specific use case. The data that has been provided to the administrator is stored in records that map a key to a value. Whic...

An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. Which commands can...

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

An administrator is seeing the following system notification: 38750057 - A protocol source configuration may be stopping events from being collected. What is a valid user action to...

An administrator needs to import a list of HR staff logins into a reference set. Which file type can be used with the import function in the reference set editor window?

Which configuration is required to create a successful High Availability cluster?

When an administrator attempts to edit a log source after upgrading QRadar, a Device Support Module (DSM), a protocol, or Vulnerability Information Services (VIS) components, the f...

What is the minimum memory in gigabyte (GB) required for a QRadar All-in-One Virtual 3199 appliance?

An administrator needs to develop advanced filters to retrieve information from the QRadar System pertaining to the top abnormal events of the most bandwidth-intensive IP addresses...

An administrator needs to save the nightly QRadar backups on a network storage. The administrator has established the connection to the network storage. What should the administrat...

An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset reten...

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the...

An administrator plans to deploy multiple log sources that share a common configuration. How many log sources can be added at one time?

An administrator needs to add the following networks to a QRadar network hierarchy as a single Classless Inter-Domain Routin (CIDR) range: 192.168.64.0/24 192.168.65.0/24 192.168.6...

Due to regulatory constraints, an administrator must increase the minimum password length and complexity. In which QRadar section can the administrator change this setting?

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?

An administrator has added a new Event Processor to a QRadar deployment. How many events per second (EPS) are granted from the temporary license and how many days will those EPS la...

How many default dashboards does QRadar have?

An administrator needs to upgrade their QRadar environment. The administrator has downloaded the Patchupdate File from Fixcentral and transferred this Image to the Appliance. Which...

An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and nee...

An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following: 1. S...

An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log...

A company has two different domains in their IBM QRadar system: Domain_A and Domain_B. An administrator has been tasked to create a rule to look only at events that are tagged with...

Once a QID is created how is it associated with an event?

How would an IBM Security QRadar administrator know if asymmetric superflows are enabled?

A company has several appliances and the administrator needs to copy a file to all appliances to run some tests to verify the integrity of the processes. The /opt/qradar/support/al...

An administrator enabled the base license of QRadar Vulnerability Manager. How many assets can be scanned using this license?

An administrator needs to add, delete and modify user accounts. When deleting a user, what dependency checks are carried out?

An administrator needs to complete the upgrade process from V7.3.1 to V7.3.2. What is the correct procedure?

An administrator would like to categorize discovered assets by port definitions and add this information to a server type building block for further use. Which QRadar Console funct...