C1000-026 Question #32: Real Exam Question with Answer & Explanation

The correct answers are B and D:

  • B. Create two individual log sources by configuring a separated logging instance for each context on
  • D. Create two individual log sources using the context value as log source identifier and assign each

See the full explanation below for the reasoning.

Question

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a "context" keyword:

    May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
    May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

Which options assign the "contextA" logs to Domain A and the "contextB" logs to Domain B? (Choose two.)

Options

  • A. Create a single log source, create a "Context" custom event property, and assign the log to both
  • B. Create two individual log sources by configuring a separated logging instance for each context on
  • C. Create a single log source, create a "Context" custom event property, and assign the log to the
  • D. Create two individual log sources using the context value as log source identifier and assign each
  • E. Create a single log source, create a "Context" custom event property, and assign the log to the
