Due to regulatory constraints, an administrator must increase the minimum password length and complexity. In which QRadar section can the administrator change this setting? A. Admin / System settings B. Admin / Password policy C. Admin / Security profiles D. Admin / Authentication Reference: https://www.ibm.com/support/knowledgecenter/en/SSHLHV_5.4.0/com.ibm.alps.doc/tasks/alps_configuring_admin_settings.htm

An administrator needs to add the following networks to a QRadar network hierarchy as a single Classless Inter-Domain Routin (CIDR) range: 192.168.64.0/24 192.168.65.0/24 192.168.66.0/24 192.168.67.0/24 What is the correct supernet for these subnets? A. Network 192.168.66.0 with subnet mask 255.255.252.0 B. Network 192.168.64.0 with subnet mask 255.255.252.0 C. Network 192.168.64.0 with subnet mask 255.255.255.0 D. […]

An administrator plans to deploy multiple log sources that share a common configuration. How many log sources can be added at one time? A. 1000 B. 750 C. 250 D. 500 Reference: https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/t_logsource_bulkadd.html

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a “context” keyword: May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; […]

An administrator needs to import a list of HR staff logins into a reference set. Which file type can be used with the import function in the reference set editor window? A. xml B. csv C. xls D. json Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/c_qradar_adm_refdata_ui.html

An administrator is seeing the following system notification: 38750057 – A protocol source configuration may be stopping events from being collected. What is a valid user action to this issue? A. Re-install the QRadar Console B. Review the /var/log/qradar.log file for more information C. Restart the QRadar Console D. Review the /var/log/error.log file for more […]

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment? A. Log Only (exclude Analytics) B. Delete data When storage space is required C. Bypass Correlation D. Delete data immediately after the retention period has expired Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_data_store.html

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. Which commands can be used to verify the crossover status? (Choose two.) A. /opt/qradar/ha/bin/ha_getstate.sh B. /opt/qradar/ha/bin/getStatus crossover C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr status E. /opt/qradar/ha/bin/ha cstate F. cat […]

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings? A. Admin Tab / Asset Retention B. Assets Tab / Retention settings C. Admin Tab / System settings D. Assets Tab / Asset Retention Reference: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_asset_tuning_ip_retention.html

An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use? A. /opt/bin/qradar/support/get_logs.sh B. /opt/support/get_logs.sh C. /opt/support/qradar/get_logs.sh D. /opt/qradar/support/get_logs.sh Reference: https://www.ibm.com/support/pages/getting-help-what-information-should-be-submitted-qradar-service-request