11/30/22, 1:09 AM IBM Security QRadar XDR Fundamentals Level 1 Quiz: Attempt review

Started on Tuesday, November 29, 2022, 4:55 PM
State Finished
Completed on Tuesday, November 29, 2022, 6:08 PM
Time taken 1 hour 13 mins
Grade 24.00 out of 25.00 (96%)
Feedback Congratulations! You received a perfect score on the IBM QRadar XDR Sales Level 1 Quiz!

Question 1

Complete

1.00 points out of 1.00

To improve compliance, a client needs help bridging the operational silos between the Security Operations Center (SOC) and compliance teams that have multiplied over time. They are integrating their current QRadar SIEM with Cloud Pak for Security. Which QRadar XDR product would help IBM address this client's challenge?

QRadar EDR
QRadar SOAR
QRadar Compliance
QRadar NDR

https://learn.ibm.com/mod/quiz/review.php?attempt=1923483&cmid=234308 1/13

Question 2

Complete

1.00 points out of 1.00

A large prospective client is deciding between Palo Alto and QRadar SIEM as their SIEM solution. The client wants a solution flexible enough to be deployed on Azure as well as on-premise. How can you position QRadar to address the client's requirements?

QRadar runs on Azure with a custom hypervisor and it also supports on-premise deployments
QRadar can only be deployed on-premise and IBM Cloud
QRadar runs on all major cloud platforms as well as on-prem, while Palo Alto does not have a SIEM
QRadar can only be deployed on-premise, so this opportunity is not ideal for IBM

Question 3

Complete

1.00 points out of 1.00

What percentage of all current cyber attacks are classified as ransomware?

0.29
0.46
0.23
0.36


Question 4

Complete

1.00 points out of 1.00

A prospective client is dissatisfied with their current EDR solution as it recently failed to detect a ransomware attack. How would you position ReaQta EDR to counter this concern?

ReaQta EDR's behavioral analysis and AI engine automatically kills ransomware before it can shut down the agent
The ReaQta EDR agents are fully hardened and are impervious to ransomware
ReaQta EDR automatically keeps the endpoint patched against security flaws so that ransomware cannot gain a foothold
ReaQta EDR's Nano OS runs outside of the operating system and is impervious to shutdown

Question 5

Complete

1.00 points out of 1.00

A QRadar client has expressed concerns about not getting enough insight into the company’s network traffic despite collecting flows and events. The client wants to detect and investigate anomalous behavior on the network more quickly and efficiently. What can you recommend to your client to solve this concern?

Deploy Cloud Pak for Security Risk Manager
Deploy QRadar Advisor with Watson
Deploy QRadar Network Forensics
Deploy QRadar Network Detection and Response


Question 6

Complete

0.00 points out of 1.00

Your prospective client is evaluating QRadar and Exabeam. The client’s primary needs are for a solution to have machine learning capabilities and automatic incident investigation. How can you position QRadar as the best solution that addresses the customer's needs?

QRadar has 2 out-of-the-box security use cases to investigate incidents
QRadar can perform machine learning analytics with the Machine Learning App and perform automated investigations with Advisor with Watson
QRadar machine learning models update every 16 weeks by default
QRadar requires two separate dashboards to view User Behavioral Analytics and Machine Learning Analytics

Question 7

Complete

1.00 points out of 1.00

The latest Gartner Magic Quadrant report showed some significant shifts in the leadership quadrant, including several new competitors. Which visionary competitor should you anticipate growing its market share in the upcoming years?

Rapid7
Splunk
Microsoft Sentinel
LogRhythm


Question 8

Complete

1.00 points out of 1.00

Which free-to-use QRadar app can you recommend to customers interested in keeping track of malicious and risky insiders, view their anomalous activities, and drill down into the underlying log and flow data that contributes to a user’s risk score?

QRadar Threat Investigator
QRadar Network Insights
QRadar User Behavioral Analytics
QRadar Use Case Manager

Question 9

Complete

1.00 points out of 1.00

What three key things do today's security analysts need to effectively deal with increases in advanced attacks?

Increased volume of network, end-user, and application telemetry
MITRE ATT&CK, Quad9, and EDR
Improved event, flow and vulnerability collection
Streamlined detection, triage, and response


Question 10

Complete

1.00 points out of 1.00

What four key areas of value are called out in the IBM Security Shield message?

Visibility, Detection, Ransomware, and Response
SIEM, SOAR, EDR, NDR
Align, Protect, Manage, and Modernize
Coordinate, Respond, Investigate, Orientate

Question 11

Complete

1.00 points out of 1.00

A prospective IBM client is extremely concerned about countering the threat of ransomware. Which IBM Security product should you position to address these concerns?

BigFix
QRadar SOAR
ReaQta EDR
QRadar SIEM

Question 12

Complete

1.00 points out of 1.00

As of 2021, how many years has QRadar SIEM been listed as a leader in the Gartner Magic Quadrant?

7
12
5
10


Question 13

Complete

1.00 points out of 1.00

A client expresses their frustration with spending too much time and money complying with regulatory reporting requirements related to a recent breach. Which IBM product should you introduce to help them with this problem?

QRadar NDR
QRadar SIEM
QRadar SOAR
QRadar EDR

Question 14

Complete

1.00 points out of 1.00

A happy QRadar SIEM client is evaluating EDR solutions, including Exabeam and CrowdStrike, and they ask you for a recommendation on which to choose. What do you tell them?

ReaQta EDR is the only solution that will work with QRadar SIEM
Exabeam and CrowdStrike are inferior EDR products and they should only consider ReaQta EDR
Research has shown that EDR is an immature technology and we recommend that clients take a wait-and-see attitude for now
QRadar can work with virtually any EDR, including Exabeam and CrowdStrike, but they should also take a look at ReaQta EDR


Question 15

Complete

1.00 points out of 1.00

How many out-of-the-box use cases does QRadar SIEM supply, aligned with the MITRE ATT&CK framework?

Over 2000
Over 600
Over 300
Over 1200

Question 16

Complete

1.00 points out of 1.00

Which three XDR components are included in the Gartner SOC Visibility Triad?

XDR, NDR, EDR
SIEM, NDR, EDR
SIEM, SOAR, NDR
SOAR, SIEM, EDR


Question 17

Complete

1.00 points out of 1.00

You are discussing QRadar XDR with a client and they indicate that they are not that concerned with cloud security since most of their critical systems run on-premise. What could you tell them to make them more concerned about cloud?

Many organizations have more data in the cloud than they realize (e.g., SaaS) and research has shown that 23% of attackers pivot to the cloud once they gain a foothold on-premise
Cloud should not be a key security concern for most organizations, but QRadar XDR does run on cloud and on-premise
Research has shown that cloud is just a fad and most organizations are already transitioning back to on-premise
99% of attacks traverse the network, which is typically on-premise, so as long as attacks are caught there, clients don't need to worry about the cloud

Question 18

Complete

1.00 points out of 1.00

A large prospective client is considering both Microsoft Azure Sentinel and QRadar SIEM as their Security Information and Event Management (SIEM) solution. The client wants to have a solution with out-of-the-box security use cases that also automatically detect threats. How do you position QRadar to address the client’s requirements?

QRadar can integrate with any SOAR solution
Walk away from the opportunity as Microsoft has more data connectors than QRadar
QRadar’s Expert Labs team can customize security use cases for the customer
QRadar comes with many out-of-the-box security use cases and its correlation rules engine permits a client to detect threats automatically


Question 19

Complete

1.00 points out of 1.00

You are competing against Microsoft Sentinel. The customer is a Microsoft shop and is considering Microsoft Sentinel because it is free for Azure clients. How can you counter this perception?

Sell QRadar with the Microsoft Azure Sentinel adapter
Sentinel is billed on the number of Azure users
Sentinel is free for Azure clients and can be deployed on any cloud platform
Sentinel is billed on the volume of data ingested for analysis with additional charges for Machine Learning

Question 20

Complete

1.00 points out of 1.00

A client is planning to acquire several QRadar XDR modules, including SIEM and SOAR, and they are interested in providing a single pane of glass console to their analysts, along with automated investigations. Which additional offering should you recommend?

QRadar EDR
QRadar Advisor
QRadar Automated Investigator
QRadar XDR Connect


Question 21

Complete

1.00 points out of 1.00

A client is slightly confused between network flows and QRadar Network Insights and asks you to explain the difference. What should you tell them?

Flows provide basic network behavior analyses, while QNI uses packet capture to provide much deeper metrics on network traffic
Flows measure the quantity of firewall accept and deny requests, whereas QNI provides deep insights into the network
Flows detect network behavioral "outliers" while QNI provides deep network forensic analyses
Flows are useful in EDR analyses as they can detect malware on the network, whereas QNI only measures network traffic behavior

Question 22

Complete

1.00 points out of 1.00

An IBM client has selected QRadar to monitor its infrastructure for potential threats and abnormal activity and they want to collect and process both events and flows. What type of licenses does the client need to purchase in order to collect both events and flows?

Events per Second and Data Store
Events per Second and Flows per Minute
Flows per Minute and Events per Minute
Flows per Second and Events per Second


Question 23

Complete

1.00 points out of 1.00

What security concept is centered on the belief that organizations should not automatically trust anything inside or outside their perimeters?

Global Trust
Zero Trust
Trust, but Verify
Zone Defense

Question 24

Complete

1.00 points out of 1.00

A client has been reading about QRadar XDR and asks you which products and offerings comprise the key components of the QRadar suite. How do you respond?

CP4S, TII, TI, EDR, SIEM, XDR
IAM, Guardium, Trusteer and Verify
EDR, Threat Intel, SOAR, SIEM, CP4S
EDR, NDR, SIEM, SOAR, XDR Connect, Threat Intel


Question 25

Complete

1.00 points out of 1.00

Which QRadar SOAR feature provides the ability to build a series of actions, roles and responsibilities for responding to a given cyber threat?

Response plan
Strategy
Playbook
Rule
