An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?
A. /opt/bin/qradar/support/get_logs.sh
B. /opt/support/get_logs.sh
C. /opt/support/qradar/get_logs.sh
D. /opt/qradar/support/get_logs.sh
A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts.
Which commands can be used to verify the crossover status? (Choose two.)
A. /opt/qradar/ha/bin/ha_getstate.sh
B. /opt/qradar/ha/bin/getStatus crossover
C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status
D. /opt/qradar/ha/bin/qradar_nettune.pl linkaggr
E. /opt/qradar/ha/bin/ha cstate
F. cat /proc/drbd
An administrator has added a new Event Processor to a QRadar deployment.
How many events per second (EPS) are granted from the temporary license and how many days will those EPS last?
A. 10000 EPS for a 35 day period
B. 5000 EPS for a 45 day period
C. 10000 EPS for a 45 day period
D. 5000 EPS for a 35 day period
An administrator needs to extract a property from an intrusion detection system (IDS) log. Using a regular expression, the administrator wants to extract a specific part of the log showing the matching "policy ID" of the IDS.
Which type of property must the administrator create?
A. Custom event property
B. Custom flow property
C. Custom asset property
D. Normalized event property
Which of the following dashboards is a QRadar default dashboard?
A. Compliance and Reporting Monitoring
B. Vulnerability Overview
C. Monitoring Overview
D. Threat and Security Monitoring
A QRadar user reported the following notification:
38750099 – The accumulator was unable to aggregate all events/flows for this interval
When does this message appear?
A. When the aggregate data view configuration that is in memory is unable to write data to the database
B. When the system is unable to accumulate data aggregations within 60 seconds
C. When aggregated data views are disabled
D. When search results are unable to return over 200 unique objects
An administrator has been asked to configure a new QRadar console high availability (HA) deployment. Both the primary and secondary consoles have been installed with the QRadar software.
What should the administrator do to complete the HA configuration?
A. Add the secondary console to the deployment, and then create the HA host.
B. Reinstall the QRadar software on the secondary console using an "HA Recovery Setup".
C. Select "Secondary Host" on the wizard when adding the secondary host to the deployment.
D. Create the HA host to add the secondary console to the deployment.
An administrator may be asked to collect diagnostic information on one of our main services, for example ecs-ec, using commands such as:
/opt/qradar/support/thredtop.sh
/opt/qradar/support/jmx.sh
These commands collect thread and statistical information on the service's pipeline, queues and filters.
How would an administrator identify a list of jmx ports for each service?
A. grep JMXPORT /opt/qradar/init/*
B. grep JMXPORT /opt/qradar/systemd/env/*
C. grep JMXPORT /opt/qradar/system/bin/*
D. grep JMXPORT /opt/qradar/system/mem/*
An administrator wants to have all QRadar apps running on a new App Host that was configured to have dedicated CPU, storage and memory resources for the Apps. Several issues were presented during the installation of the App Host.
To troubleshoot, what should the administrator check?
A. If the completion of the /opt/qradar/check_app_host.sh script was successful
B. If port 5000 is opened on the console
C. If an IP table entry was already created to allow traffic from the App Host IP
D. If IP tables are disabled on the console
An administrator wants to upload a file with information related to network hierarchy instead of using the GUI wizard.
How can the administrator do this?
A. Install application "Network Hierarchy Management for QRadar"
B. Upload file using REST API
C. Modify /opt/qradar/conf/remotenet.conf
D. Use upload button in Network Hierarchy wizard