MultipleChoice
An administrator has been tasked with creating a saved search that shows a list of multiple login failures for a single user by username. The administrator has done the following:
1. Selected Last Hour in the view option.
2. In the Add filter window, selected the search parameter Custom Rule [Indexed].
3. Selected Equals for Operator.
4. Selected Authentication for Rule Group.
What is the next step the administrator needs to perform for the Rule option?
Options
MultipleChoice
Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?
Options
MultipleChoice
An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a "context" keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the "contextA" logs to Domain A and the "contextB" logs to Domain B? (Choose two.)
Options
MultipleChoice
A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.
Which commands can be used to verify the crossover status? (Choose two.)
Options
MultipleChoice
When troubleshooting issues with QRadar applications, which application Docker container log file can be used to get more information about the apps?
Options