QRadar SOAR PoX Architecture and Sizing Quiz (SOAR PoX L4) Attempt Review

The document summarizes the results of a quiz on QRadar SOAR PoX architecture and sizing taken by the user. The user scored incorrectly on 7 out of 15 questions and did not pass the quiz with a score of at least 75%. The feedback stated that the user will need to retake the quiz to complete the course.

Uploaded by Lyu Sey

QRadar SOAR PoX architecture and sizing quiz [SOAR PoX L4]

You must receive a score of 75% or higher on the quiz to complete the course.
Started on Wednesday, February 21, 2024, 9:30 AM
State Finished
Completed on Wednesday, February 21, 2024, 9:33 AM
Time taken 3 mins 41 secs
Feedback Sorry, you did not pass the quiz.

Question 1 (Correct; points out of 1.00)
Which QRadar SOAR core capability is used to define responses to incoming and changing events in cases?

Automation
Incident visualization
Playbooks (selected)
Orchestration

Question 2 (Incorrect; points out of 1.00)
Which of the SOAR incident response modules is responsible for gathering incident forensic information?

Privacy module
Security module (selected)
Entry point module
Action module

Question 3 (Incorrect; points out of 1.00)
You can extend QRadar SOAR to address different use cases across a wide range of 3rd party integrations. In which type of application category can you find the User Behavior Analytics integration?

Identification and Enrichment (selected)
Communication and Coordination
Escalation
Integrations

Question 4 (Incorrect; points out of 1.00)
Defining the functional architecture of QRadar SOAR covers which topics?

Core capabilities, modular design, use cases, deployment models
Core capabilities, extensibility, use cases, deployment models
Core capabilities, functional components, extensibility, use cases (selected)
Core capabilities, extensibility, use cases, component models

Question 5 (Correct; points out of 1.00)
What assumption should the client know if the sales engineer uses the cost estimator for the pricing discussion?

The cost estimator includes a breach response module only for on-prem deployment.
The number of authorized users is the main parameter to calculate the license cost. (selected)
A number of authorized users is for SaaS-only deployment.
The cost estimator includes a breach response module only for SaaS deployment.

Question 6 (Correct; points out of 1.00)
QRadar SOAR playbooks have been designed following a well-accepted open industry standard. Which of the following standards have been used?

Sarbanes-Oxley Act (SOX)
Control Objectives for Information and Related Technology (COBIT)
International Organization for Standards - ISO/IEC 27001
National Institute of Standards and Technology (NIST) (selected)

Question 7 (Correct; points out of 1.00)
Which statement is true when pricing the different deployment options?

The Open Virtual Appliance (OVA) deployments are charged per MVS license type. All other deployment options are based on the authorized users.
All OpenShift based deployments are charged per authorized user.
Regardless of the QRadar SOAR deployment options, the clients are charged per authorized user. (selected)
The Breach Response option is included in the QRadar Suite deployment for free.

Question 8 (Incorrect; points out of 1.00)
Which QRadar SOAR add-on do you have to deploy if your security and privacy team wants to be aware if they have to inform federal or state regulators about certain incidents?

QRadar SIEM Functions for SOAR (selected)
QRadar EDR for IBM SOAR App
IBM SOAR QRadar Plug-In App
QRadar SOAR Breach Response

Question 9 (Correct; points out of 1.00)
What is the protocol when your App Host initiates the communication to the SOAR Platform?

JMS/STOMP, port 65001
REST API, port 443 (selected)
REST API, port 65001
JMS/STOMP, port 443


Question 10 (Incorrect; points out of 1.00)
What is the name of the base token used to calculate dollar amounts for license and subscription?

Resource Unit (RU)
Case Management Load (CML)
Authorized Users (AU) (selected)
Managed Virtual Servers (MVS)


Question 11 (Correct; points out of 1.00)
Besides using available QRadar SOAR apps or extensions from the IBM Security App Exchange, you can also develop your own apps. What are the prerequisites for someone who wants to start developing apps?

Knowledge of the playbook toolkit and of writing scripts in Java.
Knowledge of message-oriented middleware (MOM) systems and of writing scripts in Java.
Knowledge of Kubernetes containers and of writing scripts in Python.
Knowledge of message-oriented middleware (MOM) systems and of writing scripts in Python. (selected)

Question 12 (Correct; points out of 1.00)
What is the correct option if your client wants to deploy QRadar SOAR on-premise, but wants to have access to Data Explorer, Threat Investigator, and Threat Intelligence Insights?

QRadar SOAR must be deployed on a virtual image (VMware ESX).
If the client wants access to the Data Explorer, Threat Investigator, and Threat Intelligence Insights components, they must select the QRadar Suite SaaS offering on Amazon Web Services (AWS).
QRadar SOAR must be deployed on QRadar Suite (Software) on Red Hat OpenShift. (selected)
QRadar SOAR must be deployed on QRadar Suite (Software) on Red Hat OpenShift with mandatory Breach Response.

Question 13 (Correct; points out of 1.00)
QRadar SOAR allows the automatic and manual creation of new incidents. What is the functional component used for manual approach of data entry?

Incident ticketing
Action wizard
Incident wizard (selected)
Entry wizard

Question 14 (Correct; points out of 1.00)
How is application security maintained on the QRadar SOAR App Hosts?

Every application runs behind their own virtual firewall. That's why we have to configure the applicable ports for open and secure communication.
Applications run in Kubernetes containers and are programmed using Python.
Every secure application carries a Security Certificate from the IBM Security App Exchange.
Each application is deployed in a different container, each using their own SSL/TLS secure connection with the SOAR Platform. (selected)

Question 15 (Incorrect; points out of 1.00)
The client decided to purchase the SaaS-based QRadar SOAR deployment. What statement related to Edge Gateway is correct?

The App Host Open Virtual Appliance (OVA) conversion to Edge Gateway is an extra charge.
The size of the Edge Gateway is not relevant for SaaS deployments.
The Edge Gateway sizing impacts the client's local hardware resources.
The App Host Open Virtual Appliance (OVA) conversion to Edge Gateway is free of charge. (selected)
