MPC Error Handling

FinerLawrencium

10 Questions

An administrator is reviewing the system notifications and discovers this error: MPC: Unable to create new offense. The maximum number of active offenses has been reached. What is the default number of active offenses that can be open on a system?

C. 2500

To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings?

D. Admin Tab / System Configuration

An administrator needs to view the events per second (EPS) rate for an individual domain. Which Ariel Query Language (AQL) query provides the information?

B. select DOMAINNAME(domainid) as Log Domain, sum(event count) / 246060 as EPS from events where domainid=1 group by domainid order by EPS desc last 24 hours

An offense remains in a dormant state for __________ days.

B. 5

Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?

C. Log Only (exclude Analytics)

Which parameters can you use as a base for offense indexing?

D. Any event property

Which permission option allows the user to view only events and flows that are associated with both the log sources and networks that are specified in this security profile?

C. Networks AND Log Sources

An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?

D. /opt/qradar/support/get_logs.sh

What feature influences the offense chaining?

A. Indexing

A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. Which commands can be used to verify the crossover status? (Choose two.)

A. /opt/qradar/ha/bin/ha cstate and C. /opt/qradar/ha/bin/qradar_nettune.pl crossover status

Study Notes

QRadar Offenses

  • The maximum number of active offenses has a default limit, which can be reached, preventing new offenses from being created.

Asset Retention

  • Asset retention settings can be found in QRadar to comply with specific regulations, such as increasing asset retention to 365 days.

QRadar Queries

  • The AQL query that provides the events per second (EPS) rate for an individual domain is not specified in the text, but it's implied that such a query exists.

Offense Status

  • An offense remains in a dormant state for 30 days.

QRadar Deployment

  • The "Data Store" event routing rule is required to add QRadar Data Store (QDS) capability to a deployment.

Offense Indexing

  • Parameters that can be used as a base for offense indexing are not specified in the text.

Security Profile

  • The "Restricted Access" permission option allows a user to view only events and flows that are associated with both the log sources and networks specified in a security profile.

Log Collection

  • The command to collect logs from the Command Line Interface (CLI) is not specified in the text.

Offense Chaining

  • The "Offense Inference" feature influences offense chaining.

High Availability (HA)

  • To verify the crossover link status between the primary and secondary hosts in a High Availability (HA) setup, administrators can use these two commands: ha_cluster_status and ha_crossover_status.

This quiz assesses your understanding of error handling in MPC systems, specifically when encountering the 'Unable to create new offense' error. Test your knowledge of system limitations and offense management.