IBM Security QRadar Endpoint Detection and Response (EDR) Level 2


Quiz
You must receive a score of 75% or higher on the quiz to complete the course.

Started on Thursday, February 15, 2024, 5:20 AM


State Finished
Completed on Thursday, February 15, 2024, 5:56 AM
Time taken 35 mins 22 secs
Feedback Congratulations, you passed the quiz!

Question 1
Correct
Points out of 1.00

A client asks why it's important to have 100% of detections done in real-time with no delays. Your response is?

100% detection rate is the highest level of security. Responses can take time, but detection is the most important factor.

As long as each step of the attack is tracked, delays in response time are acceptable.

An immediate identification & automated response draws the line between a fully compromised infrastructure and an unsuccessful breach.

Delays leave time for configuration changes that can take place during an attack.

Question 2
Correct
Points out of 1.00

What are the 3 main components of QRadar EDR Architecture?

Endpoint agent, hive brain, dashboard

Endpoint, NanoOS, smart logic

Workstation, virtual, server

Endpoint and NanoOS, infrastructure AI, multi tenant

Question 3
Correct
Points out of 1.00

What is the QRadar EDR behavioral tree?

A user-friendly visual storyboard providing full alert and attack visibility

A user friendly interface that tracks analyst performance

A list of event logs that mirrors attack vectors across the endpoint

A tool that tracks user behavior across the endpoint

Question 4
Correct
Points out of 1.00

What operating systems does QRadar EDR protect?

MacOS only

Windows only

MacOS, Windows, and Linux

MacOS and Windows only

Question 5
Correct
Points out of 1.00

A client wants to know what the average cost of a data breach was in 2023, your response is?

2.5 Million

3 Million

4.45 Million

1.5 Million

Question 6
Correct
Points out of 1.00

What does DeStra stand for?

Detection Strategies

Deployment Strategies

Disaster Recover Strategies

Demonstration Strategies

Question 7
Incorrect
Points out of 1.00

The AI-powered Cyber Assistant has been shown to reduce the number of false positives by what percent?

90%

60%

70%

80%

Question 8
Correct
Points out of 1.00

QRadar EDR on-premise is part of the QRadar Suite part number and licensed with resource units. What is the advantage of this licensing model for the client?

Clients can pay for their EDR solution based on data volumes, which are very predictable.

Clients can automatically get steeper discounts.

Clients can customize their deployment and easily mix and match what they use across a mix of products (SIEM, SOAR, & EDR).

Clients can terminate their license at any time.

Question 9
Correct
Points out of 1.00

During a client meeting an analyst asks what percentage of real time detections without delay were performed by QRadar EDR in the MITRE Evaluation. Your response is?

99%

50%

100%

75%

Question 10
Correct
Points out of 1.00

A client is concerned about data sovereignty, what deployment options are available that this client might be interested in?

On-prem deployment or In-Country SaaS Option (For data sovereignty)

If a client wants data sovereignty the only option is an on-prem deployment

IBM QRadar EDR currently has a data center in every geography

In-Country SaaS Option if IBM has a data center in the region. This allows data to be stored sovereign locally instead of having the information sent to a foreign datacenter.

Question 11
Correct
Points out of 1.00

When meeting with a client they express interest in a light-weight endpoint agent, what size is the QRadar EDR endpoint agent?

25 megabytes

50 megabytes

5 megabytes

15 megabytes

Question 12
Correct
Points out of 1.00

Which of the following solutions are included in the QRadar Suite?

QRadar Suite Basic, QRadar Suite Professional

Verify, MaaS360, SOAR, SIEM

EDR, SIEM, Log Insights, SOAR

EDR, Randori, MaaS360

Question 13
Correct
Points out of 1.00

A client asks why it's important to have 100% of detections done in real-time with no delays. Your response is?

Delays leave time for configuration changes that can take place during an attack.

100% detection rate is the highest level of security. Responses can take time, but detection is the most important factor.

An immediate identification & automated response draws the line between a fully compromised infrastructure and an unsuccessful breach.

As long as each step of the attack is tracked, delays in response time are acceptable.

Question 14
Correct
Points out of 1.00

What percent of security professionals believe an attack will start on the endpoint?

28%

84%

54%

98%

Question 15
Incorrect
Points out of 1.00

Based on sample client data, what Mean Time to Detect and Triage, and Mean Time to Respond, can MDR help clients achieve?

<30 min and < 8 hours, respectively

<10 min and < 1 hour, respectively

<5 min and <30 min, respectively

<2 hours and < 24 hours, respectively


Question 16
Correct
Points out of 1.00

QRadar EDR on-premise is part of the QRadar Suite part number and licensed with resource units. What is the advantage of this licensing model for the client?

Clients can terminate their license at any time.

Clients can customize their deployment and easily mix and match what they use across a mix of products (SIEM, SOAR, & EDR).

Clients can automatically get steeper discounts.

Clients can pay for their EDR solution based on data volumes, which are very predictable.

Question 17
Correct
Points out of 1.00

When talking to a client about endpoint detection and response, the client states their analysts don't have time to sift through alerts manually. Which feature of QRadar EDR can you point out to this client to respond to this concern?

Anti-Virus

Log Insights

Malicious Malware Detection

AI-powered Cyber Assistant

Question 18
Correct
Points out of 1.00

What are the 2 main points you want to make when presenting to a client and referencing the MITRE report?

Zero configuration changes, Zero delayed detections

fast deployment time, zero downtime

Best ROI in the industry, integration with IBM security offerings

NanoOS, behavioral tree

Question 19
Incorrect
Points out of 1.00

What is the QRadar MDR detection and response approach?

Customers are notified via ticketing platform for incident escalation

MDR is not available

All endpoint alert management, with true positive containment and incident escalation via email

True positive alert management

Question 20
Correct
Points out of 1.00

A client is interested in a 30 day trial of QRadar EDR, what level of access will the client get to the EDR dashboard during this process?

Full access on a limited number of endpoints

Partial access with an option to upgrade

Partial access

Full Access with administrator privileges


Question 21
Correct
Points out of 1.00

A client expresses concern over monitoring and tracking alerts 24/7 because they don't have the in-house resources. Which QRadar EDR deployment model would benefit this client?

MDR

SaaS

On-Prem & SaaS

On-Prem

Question 22
Correct
Points out of 1.00

A client is interested in QRadar EDR, what are the deployment options available?

On-premise only

Managed Service Only

SaaS only

Managed Service, SaaS, On-premise


Question 23
Incorrect
Points out of 1.00

Approximately what fraction of attacks involved ransomware in 2023?

Half of them include ransomware

None of them included ransomware

All of them included ransomware

Nearly 1/4

Question 24
Correct
Points out of 1.00

In 2023 it took an average of 204 days to identify a breach. How many additional days on average did it take to contain an identified breach?

21 days

5 days

73 Days

1 day

Question 25
Correct
Points out of 1.00

What is the minimum number of devices required to purchase QRadar EDR?

No minimum

100 Devices

1000 Devices

50 devices
