
QRadar SOAR Level 2 Quiz

You must receive a score of 75% or higher on the quiz to complete the course.
Started on: Wednesday, February 21, 2024, 3:33 AM
State: Finished
Completed on: Wednesday, February 21, 2024, 3:45 AM
Time taken: 11 mins 11 secs
Feedback: Congratulations, you passed the quiz!

Question 1
Correct
Points out of 1.00

What is the mission of the IBM QRadar Suite?

Accelerate threat detection and response (selected)

Seek and destroy threats

Find weaknesses and improve

Lead in detection and capability


Question 2
Correct
Points out of 1.00

The client currently has QRadar EDR deployed. In an effort to improve incident response, they ask how a solution like QRadar SOAR could help. How do you respond?

QRadar SOAR can automatically open cases from endpoint alerts, enrich threat investigations, and automate endpoint remediation. (selected)

QRadar SOAR can continuously refine detection mechanisms using advanced machine learning and AI.

QRadar SOAR can optimize identity federation in complex endpoint environments.

QRadar SOAR does not work well with existing EDR solutions, but QRadar SIEM is a powerful combination.

Question 3
Correct
Points out of 1.00

An existing QRadar SOAR client is concerned about the rising cost of event storage in the security log management tools. What QRadar solution can you encourage the client to evaluate?

QRadar EDR

QRadar Log Insights (selected)

Randori ASM

QRadar NDR

Question 4
Correct
Points out of 1.00

When pricing QRadar SOAR with unlimited actions, which pricing metrics and deployment options are available?

Unlimited actions are not available for this product.

QRadar Suite SOAR SaaS Concurrent User pricing

QRadar Suite SOAR SaaS Authorized User (AU) pricing and QRadar Suite Software Managed Virtual Server (MVS) or Authorized User (AU) pricing (selected)

SOAR Standalone Concurrent User pricing User Value Unit (UVU)

Question 5
Incorrect
Points out of 1.00

The Global Privacy Knowledge Resource Library is part of what module of QRadar SOAR?

Breach Response module

Data Explorer module

Threat Investigator module

Unified Analyst Experience module (selected)

Question 6
Correct
Points out of 1.00

A client is planning to acquire QRadar Log Insights and QRadar SOAR solutions on Amazon Web Services (AWS) and they are interested in providing a single pane of glass console to their analysts, along with automated investigations. How does QRadar support this?

The Unified Analyst Experience (UAX) shared across QRadar solutions with automated investigation (selected)

QRadar SIEM is required to support this.

This is a feature of QRadar EDR.

QRadar Automated Investigator


Question 7
Incorrect
Points out of 1.00

In KuppingerCole's comparative overview of Security Orchestration, Automation, and Response solutions, only two vendors achieved a green rating across all evaluated capabilities. Which two vendors received this rating?

IBM and Palo Alto

IBM and Microsoft

Palo Alto and ServiceNow

IBM and ServiceNow (selected)

Question 8
Correct
Points out of 1.00

What is an "incident" in a Security Orchestration, Automation, and Response context?

A set of steps that need to be executed when a particular condition is met.

An event in which data or a system might be compromised. (selected)

The building block of a response workflow.

A unit of work to be accomplished by a user.

Question 9
Correct
Points out of 1.00

How can QRadar SIEM make Security Orchestration, Automation, and Response (SOAR) solutions more powerful?

Use the QRadar SOAR Plug-in with QRadar SIEM to escalate offenses from SIEM into SOAR. The plug-in populates all incident details from QRadar SIEM into the QRadar SOAR case management experience. (selected)

MITRE ATT&CK based intelligence and solutions for fast integration.

Bidirectional remediation of alerts through the use of reference sets in the intelligence process.

QRadar SIEM will provide detailed endpoint security assessments for dynamic alerting and quantum safety.

Question 10
Correct
Points out of 1.00

What is the standardized best practice approach to detection and response that IBM Security solutions make extensive use of?

X-Force Threat Intelligence

MITRE TTPs - Tactics, Techniques, and Procedures

MITRE national cybersecurity federally funded research and development center

MITRE ATT&CK - Adversarial Tactics, Techniques, and Common Knowledge (selected)

Question 11
Correct
Points out of 1.00

What is the benefit of the modern case management experience provided by IBM QRadar SOAR?

Automated threat investigations and accelerated threat hunting.

Analysts can identify in a single screen the who, what, how, and any action taken on a security investigation and incident response. (selected)

Modern case management supports dark mode and moveable type.

Analysts can integrate privacy reporting tasks into the overall incident response.

Question 12
Correct
Points out of 1.00

Dynamic playbooks combine what three things to improve response times to incidents?

EDR, SIEM, and SOAR

Data privacy, regulation, and compliance

MITRE, ATT&CK, and TTPs

People, process, and technology (selected)

Question 13
Correct
Points out of 1.00

During a client meeting, the client asks for a customer reference. You highlight the Doosan customer case study and how it dramatically reduced response time to threats. How much did Doosan reduce response time by using QRadar SOAR?

99%

61%

70%

85% (selected)

Question 14
Correct
Points out of 1.00

During a client meeting presenting QRadar SOAR as a solution to improve incident response, the client mentions the majority of their incidents come from employee laptops. What QRadar product should you position in addition to QRadar SOAR?

X-Force Threat Intelligence

QRadar EDR (selected)

QRadar Log Insights

QRadar Threat Investigator

Question 15
Correct
Points out of 1.00

What is IBM's point of view on the future of security operations?

It will be analyst focused, democratize expertise and AI, leverage community collaboration, and scale the SOC efficiently. (selected)

It will be technology focused, run by experts, and built on custom technology.

The future is already here, it's just not evenly distributed.

It will be analyst focused, automated, and vendor agnostic.

Question 16
Correct
Points out of 1.00

When discussing sizing and deployment with a client, the client asks what global cloud providers QRadar SOAR is available on. How do you respond?

Have you considered an on-premise deployment using Red Hat OpenShift?

QRadar SOAR is available as SaaS on Amazon Web Services today. Other cloud providers may be added in the future. (selected)

QRadar SOAR is only available on IBM Cloud.

QRadar SOAR is not available as SaaS with any global cloud provider today.

Question 17
Incorrect
Points out of 1.00

According to IBM's competitive assessment, which company is the weakest competitor for Security Orchestration, Automation, and Response (SOAR)?

CrowdStrike

Exabeam

Microsoft (selected)

Splunk

Question 18
Correct
Points out of 1.00

All of the products in the QRadar Suite include Custom Detections except one product. Which product does not include custom detections?

QRadar SIEM

QRadar SOAR (selected)

QRadar EDR

QRadar Log Insights

Question 19
Correct
Points out of 1.00

According to a North American state government, the IBM Security Unified Analyst Experience (UAX) does what?

It makes people faster and better at their job. (selected)

It eliminates complexity.

It visualizes risk-based prioritization and data source health.

It builds searches with full parsing and indexing.


Question 20
Incorrect
Points out of 1.00

According to the Global SOC study by IBM, Security Operations Center team members only review what percentage of alerts in a typical workday?

99%

49%

18% (selected)

68%

Question 21
Correct
Points out of 1.00

You are working with a client to replace their existing Security Orchestration, Automation, and Response solution with QRadar SOAR. They ask you for two customer case studies. What two case studies are recommended for this scenario?

Askari Bank and the IBM CIO Office

Doosan Digital Innovation and Askari Bank (selected)

NextLevel solutions and Bank Station

IBM does not provide customer case studies.


Question 22
Correct
Points out of 1.00

The client asks if IBM QRadar SOAR has any out of the box content to help them provide notice and respond to a data or privacy breach. How do you respond?

The X-Force Threat Intelligence feed module will help the organization stay ahead of emerging threats.

No, you need to purchase IBM Guardium for data security and compliance.

The IBM QRadar SOAR Breach Response add-on module contains up-to-date breach response plans that map data to 180+ complex, global notification requirements. (selected)

The IBM QRadar SOAR provides manual playbooks to organize a response.

Question 23
Correct
Points out of 1.00

What does the IBM App Exchange provide for QRadar SOAR?

Quantum-safe cryptography

Open Source Intelligence (OSINT) marketplace and auctions

Over 300 integrations from IBM, its technology partners (validated and supported by IBM), and community submitted applications (selected)

Identity and Access Management (IAM)

Question 24
Incorrect
Points out of 1.00

The KuppingerCole Leadership Compass for Security Orchestration, Automation, and Response (SOAR) study named IBM as a market leader. Which competitor is also considered a market leader in this study?

Palo Alto

Microsoft

Exabeam (selected)

Splunk

Question 25
Incorrect
Points out of 1.00

What three things does the Unified Analyst Experience (UAX) automate before a person even begins working with a case?

People, process, and technology

Threat detection, advanced response, and unlimited actions (selected)

Artifact correlation, investigation, and case prioritization

Data privacy, regulation, and compliance
