IBM Exam C1000-026 Topic 8 Question 1 Discussion

Actual exam question for IBM's C1000-026 exam

Question #: 1
Topic #: 8

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and Domain B. While reviewing the following sample logs, the administrator notices a ''context'' keyword:

May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source:

10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source:

10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;

Which options assign the ''contextA'' logs to DomainA and the ''contextB'' logs to domain B? (Choose two.)

ACreate a single log source, create a ''Context'' custom event property, and assign the log to both domains using a custom rule.

BCreate two individual log sources by configuring a separated logging instance for each context on the

CCreate a single log source, create a ''Context'' custom event property, and assign the log to the correct

DCreate two individual log sources using the context value as log source identifier and assign each log

ECreate a single log source, create a ''Context'' custom event property, and assign the log to the correct

Show Suggested Answer

Suggested Answer: B, D

by Leonida at May 04, 2022, 11:06 AM

Limited Time Offer

25%

Off

Get Premium C1000-026 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!