Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Ibm Discussions
exam questions

Exam C1000-026 All Questions

View all questions & answers for the C1000-026 exam
Go to Exam

Exam C1000-026 topic 1 question 9 discussion

Actual exam question from IBM's C1000-026
Question #: 9
Topic #: 1
[All C1000-026 Questions]

An administrator is about to integrate logs from a custom firewall in a QRadar deployment using syslog. The SIEM has two domains, namely Domain A and
Domain B. While reviewing the following sample logs, the administrator notices a `context` keyword:
May 14 11:05:01 192.168.1.23 20190514 11:05:00 context=contextA permit 192.168.1.24 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
May 13 12:07:01 192.168.1.23 20190513 11:07:00 context=contextB permit 192.168.1.25 source: 10.10.1.15; source_port: 64094; destination: 10.10.13.34; service: 53; protocol: udp;
Which options assign the `contextA` logs to DomainA and the `contextB` logs to domain B? (Choose two.)

  • A. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to both domains using a custom rule.
  • B. Create two individual log sources by configuring a separated logging instance for each context on the firewall and assign each log source to the correct domain.
  • C. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using custom event property value.
  • D. Create two individual log sources using the context value as log source identifier and assign each log source to the correct domain.
  • E. Create a single log source, create a ג€Contextג€ custom event property, and assign the log to the correct domain using a custom rule.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by navkumv at June 21, 2023, 7:03 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
navkumv
1 year, 5 months ago
Answer should C&E, we cannot configure log source using context value as log source identifier
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel