C1000-026 Online Practice Questions and Answers

An administrator needs to add the following networks to a QRadar network hierarchy as a single Classless Inter-Domain Routin (CIDR) range:

192.168.64.0/24 192.168.65.0/24 192.168.66.0/24 192.168.67.0/24

What is the correct supernet for these subnets?

A. Network 192.168.66.0 with subnet mask 255.255.252.0

B. Network 192.168.64.0 with subnet mask 255.255.252.0

C. Network 192.168.64.0 with subnet mask 255.255.255.0

D. Network 192.168.66.0 with subnet mask 255.255.252.0

Due to regulatory constraints, an administrator must increase the minimum password length and complexity.

In which QRadar section can the administrator change this setting?

A. Admin / System settings

B. Admin / Password policy

C. Admin / Security profiles

D. Admin / Authentication

An administrator has added a new Event Processor to a QRadar deployment.

How many events per second (EPS) are granted from the temporary license and how many days will those EPS last?

A. 10000 EPS for a 35 day period

B. 5000 EPS for a 45 day period

C. 10000 EPS for a 45 day period

D. 5000 EPS for a 35 day period

A QRadar user reported the following notification:

38750099 – The accumulator was unable to aggregate all events/flows for this interval

When does this message appear?

A. When the aggregate data view configuration that is in memory is unable to write data to the database

B. When the system is unable to accumulate data aggregations within 60 seconds

C. When aggregated data views are disabled

D. When search results is unable to return over 200 unique objects

An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.

What should the administrator do to complete the HA configuration?

A. Add the secondary console to the deployment, and then create the HA host.

B. Reinstall the QRadar software on the secondary console using an "HA Recovery Setup".

C. Select "Secondary Host" on the wizard when adding the secondary host to the deployment.

D. Create the HA host to add the secondary console to the deployment.

A custom rule is generating events reporting that a specific user is failing to login too many times in the last 5 minutes. The administrator opens the event details to investigate the anomaly associated with the events but finds that no Anomaly details pane is shown.

What is the reason?

The events were generated by:

A. a Behavioral Detection Rule

B. an Anomaly Detection Rule

C. a Threshold Detection Rule

D. a standard Custom Rule

An administrator needs to combine multiple extraction and calculation-based properties into a single property.

Which Ariel Query Language (AQL) statement can be used?

A. AQL-based custom properties

B. AQL functions and SELECT, FROM, or database names

C. AQL functions and AQL-based custom properties

D. AQL functions

An administrator enabled the base license of QRadar Vulnerability Manager.

How many assets can be scanned using this license?

A. up to 128

B. up to 256

C. up to 100

D. up to 512

What is the minimum memory in gigabyte (GB) required for a QRadar All-in-One Virtual 3199 appliance?

A. 128

B. 32

C. 24

D. 16

When troubleshooting issues with QRadar applications, which application Docker container log file can be used to get more information about the apps?

A. /var/log/qradar.error

B. /var/log/qradar.log

C. /var/log/app.log

D. /store/log/app.log