
7/8/24, 3:51 PM QRadar SIEM - Architecture and Sizing for Technical Sales Quiz: Attempt review

QRadar SIEM - Architecture and Sizing for Technical Sales Quiz

You must receive a score of 75% or higher on the quiz to complete the course.
Started on Monday, July 8, 2024, 8:43 AM
State Finished
Completed on Monday, July 8, 2024, 8:51 AM
Time taken 8 mins 9 secs
Feedback Sorry, you did not pass the quiz for the.

Question 1

Correct

Points out of 1.00

Both Event and Flow Collectors rely on burst handling for excessive
events and flows when their license limits are exceeded. The
burst handling method provides an overflow buffer to
temporarily store events and flows that exceed the license
limit. How large is that buffer?

2 GB

5000 event or 15000 flow records

10 GB
5 GB 

https://learn.ibm.com/mod/quiz/review.php?attempt=3228159&cmid=260860 1/11

Question 2

Correct

Points out of 1.00


Which statement is true?

The capacity of a QRadar SIEM deployment is measured
by the number of events per second (EPS) and flows per
minute (FPM) that IBM QRadar can collect, normalize, and
correlate in real time.
The capacity of a QRadar SIEM deployment is measured
by the number of servers and concurrent active users on
the network.
The capacity of a QRadar SIEM deployment is measured
by the number of servers and workstations on the
network.
The capacity of a QRadar SIEM deployment is measured
by the number of servers and users that QRadar monitors.

Question 3

Incorrect

Points out of 1.00

If the Advanced calculator is used, what is the benchmark for the
field testing of actual QRadar deployments?

It is within 15% accuracy 95% of the time.

It is within 15% accuracy 75% of the time.


It is within 10% accuracy 80% of the time.

It is within 15% accuracy 85% of the time. 


Question 4

Incorrect

Points out of 1.00


The Flow Collector can detect applications that are involved in
a network conversation between two hosts by using four
different methods. If the Application Detection Module
assigns a "web server" application based on discovered HTTP
traffic, what method has been used?

Signature matching 

User-defined decoder
Port-based matching

State-based decoder

Question 5

Incorrect

Points out of 1.00

Starting with QRadar SIEM 7.4, analysts can use a new and
modern UI to investigate threats. What is this new UI called?

Analyst Workflow App

Unified Analyst Experience 


Pulse

Use Case Manager


Question 6

Correct

Points out of 1.00


An Event Collector can combine many incoming events that
show the same attributes into one single event. Which
component is performing this action?

Overflow filter
Device support module

Traffic analysis module

Coalescing filter 

Question 7

Correct

Points out of 1.00

Where does QRadar store accumulation data, which is used in
reports, search results, or time series charts?

Reference Sets
PostgreSQL database

Data Node

Ariel database 


Question 8

Incorrect

Points out of 1.00


Using a separate license, QRadar Vulnerability Manager (QVM)
capabilities can be added to a QRadar deployment. How can
vulnerability scans and data be ingested for individual network
assets?

By using the built-in QVM vulnerability scanner 

By using a third party vulnerability scanner


By using a dedicated Qflow appliance

By using an X-Force Threat Intelligence Feed

Question 9

Correct

Points out of 1.00

All events and flows are stored in the Ariel database. On which
component do you find the Ariel database?

Data Node

Event or Flow Collector

Event Processor 
Console


Question 10

Incorrect

Points out of 1.00


Which component in QRadar SIEM is responsible for creating
new assets based on discovered hosts, services, or
vulnerabilities?

Vulnerability Information Server

Magistrate 

ECS-EP

ECS-EC

Question 11

Correct

Points out of 1.00

If you do not deploy a separate App Host for QRadar Apps, on
which component do the Apps run?

Data Node

Console 

Event or Flow Processors

Any managed host


Question 12

Correct

Points out of 1.00


When does the License Pool Management window show a
negative value for the EPS and FPM?

When the license pool is undercoated

When EPS is higher than FPM

When the license pool is overallocated 

When FPM is higher than EPS

Question 13

Incorrect

Points out of 1.00

The PostgreSQL database on the Console stores relevant
deployment information, asset data, and much else. For
backup and restore capability, QRadar stores read-only copies
of the PostgreSQL database on which other components?

All managed hosts

Data Nodes 

Event and Flow Collectors

Event and Flow Processors


Question 14

Correct

Points out of 1.00


Which deployment model can be used to outsource the
operational and DevOps management of a QRadar
deployment?

QRadar in the Cloud

CloudPak for Security

QRadar on Cloud 

Hybrid deployment

Question 15

Incorrect

Points out of 1.00

Which QRadar component has to run the Global Cross
Correlation rules?

Anomaly Detection Engine

Magistrate

Event Processor 

Ariel Proxy Server


Question 16

Correct

Points out of 1.00


QRadar can add new log sources to an environment when they
are first detected by which QRadar component?

Event Processor

Flow Collector

Event Collector 

Console

Question 17

Correct

Points out of 1.00

Where can an analyst observe real-time flows?

In the Log Activity tab

By running a real-time report

By analyzing active offenses

In the Network Activity tab 


Question 18

Incorrect

Points out of 1.00


QRadar uses a role-based licensing model tied to the roles of
managed hosts. To change the role of a managed host, what
must be done?

Change the role of a managed host in the Managed Hosts
application on the Admin tab.

Log in to the managed host using an SSH connection and
change the role inside the respective config file.

Reinstall the physical or virtual appliance.

Change the role of a managed host in the License
application on the Admin tab.

Question 19

Incorrect

Points out of 1.00

After deploying a high-availability configuration for an on-prem
QRadar system, the backup appliances will resume
control when a failover situation is detected. How long does it
take a typical failover process to resume operations?

Around 30 minutes
3–10 minutes

Less than 1 minute 

Around 1 hour


Question 20

Correct

Points out of 1.00


What type of QRadar sizing calculator matches the web-based
public cost estimates for QRadar SIEM?

Advanced

Basic

Custom

Super basic 
