A Deployment Professional was asked to investigate the following error:
Custom Rule Engine has detected a total of 20487 dropped event(s). 20487 event(s) were dropped in the last 62 seconds. Queue is at 99 percent capacity
The Deployment Professional needs to run the command “/opt/qradar/bin/findExpensiveCustomRules.sh” to gather the necessary troubleshooting logs.
When should this command be run?
A. Right after a reboot
B. Run “service hostcontext restart” first
C. While the system is dropping events
D. Restart ECS, then run command
Answer: C

A current banking customer has just expanded by purchasing a small rural bank with a low-bandwidth WAN connection.
The customer wants to expand its current QRadar SIEM 3105 all-in-one deployment to capture log events from the newly acquired branch and to forward them on a schedule, after hours during the trough of activity, to the main branch. There is plenty of room for this additional EPS growth.
Which device will meet the requirements?
A. 1202 QFlow Collector
B. 1400 Data Node
C. 1501 Event Collector
D. 1605 Event Processor
Answer: D