An administrator needs to import data into QRadar for a specific use case. The data that has been provided to the administrator is stored in records that map a key to a value. Which type of data collection must the administrator create?
Answer(s): B
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_conifig_rul_resp_reference_set.html
An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?
Answer(s): D
https://www.ibm.com/support/pages/qradar-global-correlation
An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?
https://www.ibm.com/support/pages/getting-help-what-information-should-be-submitted-qradar-service-request
To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings?
Answer(s): C
https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.2/com.ibm.qradar.doc/t_qradar_adm_asset_tuning_ip_retention.html