Free IBM C1000-026 Exam Dumps and C1000-026 Exam Questions

Question No: 1

MultipleChoice

An administrator has been tasked to create a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:

1. Selected Last Hour in the view option.

2. In the Add filter window, selected the search parameter Custom Rule [Indexed].

3. Selected Equals for Operator.

4. Selected Authentication for Rule Group.

What is the next step the administrator needs to perform for the Rule option?

Options

ASelect login failures followed by success to the same username

BSelect multiple login failures from the same source

CSelect multiple login failures to the same destination

DSelect multiple login failures for a single username

Question No: 2

MultipleChoice

Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?

Options

A/var/log/qradar.audit

B/var/log/qradar.log

C/var/log/setup-*/patches.log

D/var/log/upgrade.log

Question No: 3

MultipleChoice

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a ''context'' keyword:

May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source:

10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source:

10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

Which options assign the ''contextA'' logs to DomainA and the ''contextB'' logs to domain B? (Choose two.)

Options

ACreate a single log source, create a ''Context'' custom event property, and assign the log to both domains using a custom rule.

BCreate two individual log sources by configuring a separated logging instance for each context on the
firewall and assign each log source to the correct domain.

CCreate a single log source, create a ''Context'' custom event property, and assign the log to the correct
domain using custom event property value.

DCreate two individual log sources using the context value as log source identifier and assign each log
source to the correct domain.

ECreate a single log source, create a ''Context'' custom event property, and assign the log to the correct
domain using a custom rule.

Question No: 4

MultipleChoice

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.

Which commands can be used to verify the crossover status? (Choose two.)

Options

A/opt/qradar/ha/bin/ha_getstate.sh

B/opt/qradar/ha/bin/getStatus crossover

C/opt/qradar/ha/bin/qradar_nettune.pl crossover status

D/opt/qradar/ha/bin/qradar_nettune.pl linkaggr <interface> status

E/opt/qradar/ha/bin/ha cstate

Fcat /proc/drbd

Question No: 5

MultipleChoice

When troubleshooting issues with QRadar applications, which application Docker container log file can be used to get more information about the apps?

Options

A/var/log/qradar.error

B/var/log/qradar.log

C/var/log/app.log

D/store/log/app.log