
QRadar SOAR PoX product education

quiz [SOAR PoX L4]

You must receive a score of 75% or higher on the quiz to complete the course.
Started on Wednesday, February 21, 2024, 9:17 AM
State Finished
Completed on Wednesday, February 21, 2024, 9:27 AM
Time taken 9 mins 50 secs
Feedback Congratulations, you passed the quiz!

Question 1
Correct
Points out of 1.00

When an incident is closed without any human interaction, what type of closure is complete?

User closure
Manual closure
Auto closure
System closure

Question 2
Incorrect
Points out of 1.00

When creating an incident, the location field is commonly left blank. What is the reason for this field being left blank?

The location is only required when involving law enforcement officials.
The location is unknown to the organization.
The location is often considered personally identifiable information.
The location is known, but this information is not important.

Question 3
Correct
Points out of 1.00

Looking at the Global Artifacts tab, the IP address "192.168.42.110" displays a related incident count of 0. Which statement is true about this artifact?

The artifact is included in the Global Artifacts tab and Incident Artifacts tab.
The artifact is not related to an incident and represents a stand-alone artifact.
The artifact is related to an incident and represents an incident artifact.
This artifact cannot be included in any incident.

Question 4
Correct
Points out of 1.00

When an app is added into the QRadar SOAR Platform, what is automatically configured for each app?

Functions
Workflows
Message Destinations
Scripts

Question 5
Correct
Points out of 1.00

When creating a playbook, which settings are a valid combination in the Activation details pane?

Activation type = Automatic and Object type = Threat Intelligence
Activation type = Automatic and Object type = Manual
Activation type = Automatic and Object type = Milestone
Activation type = Attachment and Object type = Artifact

Question 6
Correct
Points out of 1.00

To configure inbound email integration in QRadar SOAR, three protocols are supported. Which of the following protocols can be used as one of the options?

Post Office Protocol version 3 (POP3)
Messaging Application Programming Interface (MAPI)
Multipurpose Internet Mail Extensions (MIME)
Internet message access protocol (IMAP)


Question 7
Correct
Points out of 1.00

Before creating the App Host instance, a user must create the App Host pairing. Which step is correct when pairing an App Host?

A user must copy the unique pairing code and paste it on the QRadar SOAR Apps page.
A user must copy the unique pairing code to the clipboard and paste it on the App Host command line.
Create a yum repository called apphost_optional.
A user must create a unique pairing code and paste it in the Add App Host window.

Question 8
Correct
Points out of 1.00

Adding new users to the QRadar SOAR organization can be achieved in two ways. One way is to use the command line interface. What is the other option to add additional users?

Invite users using email on the Users tab.
Add users using the Add User dialog on the Users tab.
Add users using the Add User dialog on the Organization tab.
Because users must be a member of a group, users are added using the Group Details dialog.

Question 9
Correct
Points out of 1.00

When creating a playbook, you want to wait for branches to be finished before continuing the playbook process. What element do you use?

Create two parallel lines to the next element on the process
A script
A Wait point
A Timer function

Question 10
Incorrect
Points out of 1.00

After you complete the QRadar SOAR installation, you must create a system administrator user account. Which command is used to create the initial user account in QRadar SOAR?

sudo resutil create user
sudo resutil new user
sudo resutil -create new user
sudo resilient new user

Question 11
Correct
Points out of 1.00

When a user adds an additional regulator to the incident using the Breach tab, what other change occurs automatically?

A new widget is added to the Analytics dashboard.
A new member is assigned to the incident.
A new Artifact is added to the incident.
A new task is added to the incident.


Question 12
Incorrect
Points out of 1.00

When a user is working with QRadar SOAR dashboards, what is the purpose of the Activity dashboard?

It is the default page of QRadar SOAR that includes charts and tables that measure incidents over time.
It is the default page of QRadar SOAR that includes the same features as an incident's task tab organized in the timeline.
It is the default page of QRadar SOAR that includes a running news feed, tasks due soon, and generated downloads.
It is the default page of QRadar SOAR that includes key metrics to help security teams measure team efficiency.

Question 13
Correct
Points out of 1.00

In the QRadar SOAR interface, where can a user invite additional users with the email invitation?

Administrator settings
Outbound email settings
User settings
Customization settings

Question 14
Correct
Points out of 1.00

You have decided to customize your Analytics Dashboard by adding a custom HTML-based graph. Which custom widget allows users to create HTML code and CSS to add images and text to the dashboard?

Incident HTML Block
Custom CSS Block
Custom HTML Block
Incident CSS Block


Question 15
Correct
Points out of 1.00

What is the central element in QRadar SOAR, coordinating various security tools and processes for streamlined operations?

Automation
App Host
Orchestration
Response

Question 16
Correct
Points out of 1.00

To install an App Host, which installation option(s) are available?

Virtual appliance, virtual appliance in an air-gapped environment, standalone software, standalone software in an air-gapped environment
Virtual appliance and standalone software
Only virtual appliance
Virtual appliance and virtual appliance in an air-gapped environment

Question 17
Correct
Points out of 1.00

The administrator can customize many layout options for the SOAR platform. What is the purpose of these customizations?

The purpose is to limit the interaction between security teams.
The purpose is to allow an organization to collect the proper information during incident creation.
The purpose is to collect the least amount of information possible.
The purpose is to collect the most information possible.

Question 18
Correct
Points out of 1.00

An analyst is reviewing the incident task list. When hovering the mouse over the clipboard icon, a pop-up displays how the task was created. Which of the following are classifications of who created the task?

Default and API
System and User
API and System
User and API


Question 19
Correct
Points out of 1.00

Hyperlinked on the Activity Dashboard, what is the Resource Library?

A detailed database where users can learn more about creating apps and integrating them with the QRadar SOAR Platform.
A list of incident reports that are available for you to download.
A centralized database that includes breach notification statuses, regulations, trade organization bulletins, and guidance documents.
Documentation that shares all the information about QRadar SOAR capabilities.

Question 20
Correct
Points out of 1.00

What is an orchestration technology solution that provides a flexible framework for a tailored response, crucial for sophisticated, multi-step security events?

Case management system
Playbook
App Host
Ticketing system
