Questions and Answers
An administrator is reviewing the system notifications and discovers this error: MPC: Unable to create new offense. The maximum number of active offenses has been reached. What is the default number of active offenses that can be open on a system?
- A. 3000
- B. 5000
- C. 2500 (correct)
- D. 10000
To comply with specific regulations, an administrator has been requested to increase asset retention to 365 days. In which QRadar section can the administrator find the asset retention settings?
- A. Assets Tab / Asset Retention
- B. Assets Tab / Retention settings
- C. Admin Tab / Asset Retention
- D. Admin Tab / System Configuration (correct)
An administrator needs to view the events per second (EPS) rate for an individual domain. Which Ariel Query Language (AQL) query provides the information?
- A. select domain, DOMAINNAME(domain) from events GROUP BY domain last 1 HOURS
- B. select DOMAINNAME(domainid) as Log Domain, sum(event count) / 24*60*60 as EPS from events where domainid=1 group by domainid order by EPS desc last 24 hours (correct)
- C. select domainid, DOMAINNAME(domainid) from events GROUP BY domainid last 1 HOURS
- D. select DOMAINNAME(domain) as Log Domain, sum(event count) / 24*60*60 as EPS from events where domain=checkpoint group by domain order by EPS desc last 24 hours
An offense remains in a dormant state for __________ days
Which event routing rule is required to add QRadar Data Store (QDS) capability to a deployment?
Which parameters can you use as a base for offense indexing?
Which permission option allows the user to view only events and flows that are associated with both the log sources and networks that are specified in this security profile?
An administrator needs to collect logs from the Command Line Interface (CLI). Which command should the administrator use?
What feature influences the offense chaining?
A QRadar administrator added High Availability (HA) to the Event Processor and needs to verify the crossover link status between the primary and secondary hosts. Which commands can be used to verify the crossover status? (Choose two.)
Study Notes
QRadar Offenses
- The maximum number of active offenses has a default limit, which can be reached, preventing new offenses from being created.
Asset Retention
- Asset retention settings can be found in QRadar to comply with specific regulations, such as increasing asset retention to 365 days.
QRadar Queries
- The AQL query that provides the events per second (EPS) rate for an individual domain is not specified in the text, but it's implied that such a query exists.
Offense Status
- An offense remains in a dormant state for 30 days.
QRadar Deployment
- The "Data Store" event routing rule is required to add QRadar Data Store (QDS) capability to a deployment.
Offense Indexing
- Parameters that can be used as a base for offense indexing are not specified in the text.
Security Profile
- The "Restricted Access" permission option allows a user to view only events and flows that are associated with both the log sources and networks specified in a security profile.
Log Collection
- The command to collect logs from the Command Line Interface (CLI) is not specified in the text.
Offense Chaining
- The "Offense Inference" feature influences offense chaining.
High Availability (HA)
- To verify the crossover link status between the primary and secondary hosts in a High Availability (HA) setup, administrators can use these two commands: ha_cluster_status and ha_crossover_status.
Description
This quiz assesses your understanding of error handling in MPC systems, specifically when encountering the 'Unable to create new offense' error. Test your knowledge of system limitations and offense management.