An administrator needs to know if a custom rule is being correlated correctly. Which QRadar component is responsible for this process?
A. QRadar Event Collector
B. QRadar Console
C. Magistrate
D. QRadar Event Processor
A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.
Which commands can be used to verify the crossover status? (Choose two.)
A. /opt/qradar/ha/bin/ha_getstate.sh
B. /opt/qradar/ha/bin/getStatus crossover
C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status
D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr
E. /opt/qradar/ha/bin/ha cstate
F. cat /proc/drbd
Which log should be reviewed to determine the reasons a patch installer did not proceed during a QRadar upgrade?
A. /var/log/qradar.audit
B. /var/log/qradar.log
C. /var/log/setup-*/patches.log
D. /var/log/upgrade.log
An administrator has to change the system hardware clock of the QRadar server. The administrator has already restarted the main services (hostservices, tomcat, hostcontext) and needs to synchronize the QRadar Console time with the QRadar managed hosts.
Which command can the administrator use to accomplish this?
A. /opt/qradar/support/all_servers.sh systemctl restart systemd-timedated.service
B. /opt/qradar/support/all_servers.sh /opt/qradar/bin/time_sync.sh
C. /sbin/hwclock --systohc /opt/qradar/bin/time_sync.sh
D. /opt/qradar/support/all_servers.sh service ntpd restart
What is a reason for restarting hostcontext service in QRadar?
A. A new user was created and it needs to be replicated
B. A new network hierarchy was uploaded
C. A new app was installed
D. The host is not responding to deploy requests
An administrator may be asked to collect diagnostic information on one of the main QRadar services, for example ecs-ec, using commands such as:
/opt/qradar/support/threadTop.sh
/opt/qradar/support/jmx.sh
These commands collect thread and statistical information on the service's pipeline, queues and filters.
How would an administrator identify a list of jmx ports for each service?
A. grep JMXPORT /opt/qradar/init/*
B. grep JMXPORT /opt/qradar/systemd/env/*
C. grep JMXPORT /opt/qradar/system/bin/*
D. grep JMXPORT /opt/qradar/system/mem/*
An administrator needs to add, delete and modify user accounts.
When deleting a user, what dependency checks are carried out?
A. Custom Rules, Historical Correlation Profiles, Security Profiles
B. Custom Rules, Report and Search Criteria, Security Roles
C. Custom Rules, Security Profiles, Report and Search Criteria
D. Custom Rules, Report and Search Criteria, Historical Correlation Profiles
An administrator needs to save the nightly QRadar backups on network storage.
The administrator has established the connection to the network storage.
What should the administrator do next?
A. Change the Backup Repository Path to the network storage location using the Backup Recovery Configuration window.
B. Change the Backup Repository Path by adding a new Network Activity Rule.
C. Change the Backup Repository Path to the network storage location using the System Settings window.
D. Configure the new network storage using the Assets Manager
An administrator would like to add a new managed host which uses an existing Network Address Translation (NAT).
Which parameters have to be provided if "Host is NATed" is chosen while adding a managed host?
A. Select Network Attached Telemetric, Enter MAC address of the server or appliance to add
B. Select NATed network, Enter public IP of the server or appliance to add
C. Select NATed network, Enter MAC address of the server or appliance to add
D. Select Network Attached Telemetric, Enter public IP of the server or appliance to add
An administrator is tasked to reduce data volumes in the asset database and reduce stale data contributing to asset growth deviation.
How can the administrator tune the configuration of the Asset Profiler?
A. In the System Configuration section of the Admin, access the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.
B. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. Next, deploy the changes into the environment for the updates to take effect.
C. On the navigation menu, click Admin, click the Asset Profile Configuration and reduce the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.
D. In the System Configuration section of the Admin, access the Asset Profile Configuration and increase the retention values for the Asset Profiler Retention Configuration and Save. On the navigation menu, click Admin and from the Advanced menu, click Restart Event Collection Services. Next, deploy the changes into the environment for the updates to take effect.