
IBM Security QRadar Suite Fundamentals Level 1 Quiz Attempt Review PDF

Uploaded by

Justice Mutemwa

15/01/2024, 19:44 IBM Security QRadar Suite Fundamentals Level 1 Quiz: Attempt review

IBM Security QRadar Suite Fundamentals Level 1 Quiz

You must receive a score of 75% or higher on the quiz to complete the course.
Started on Monday, January 15, 2024, 5:34 PM
State Finished
Completed on Monday, January 15, 2024, 5:45 PM
Time taken 11 mins 4 secs
Feedback Congratulations, you passed this quiz!

Question 1

Correct

Points out of 1.00

A QRadar client has expressed concerns with SIEM search performance and data retention options. What can you recommend to your client to solve this concern?

Deploy QRadar Log Insights 

Deploy Attack Surface Management

Move to a hybrid cloud architecture with a custom hypervisor

Try the Unified Analyst Experience


Question 2

Correct

Points out of 1.00

What are the differences between QRadar Log Insights and QRadar SIEM?

QRadar Log Insights used MITRE ATT&CK

QRadar Log Insights does NOT provide real time correlation, user and entity behavior analytics, network threat analytics, and asset profiling 

QRadar SIEM delivers faster search and is available on Amazon Web Services

QRadar Log Insights is the next generation SIEM

Question 3

Correct

Points out of 1.00

You are meeting a new prospect who is early maturity in their security program. What QRadar solutions should you lead with?

QRadar SIEM

QRadar SOAR

X-Force

QRadar Log Insights, QRadar EDR, or QRadar XDR solutions 


Question 4

Correct

Points out of 1.00

A prospective client is dissatisfied with their current EDR solution as it recently failed to detect a ransomware attack. How would you position QRadar EDR to counter this concern?

The QRadar EDR agent is fully hardened and is impervious to ransomware

QRadar EDR's behavioral analysis and AI engine automatically kills ransomware before it can shut down the agent

QRadar EDR automatically keeps the endpoint patched against security flaws so that ransomware cannot gain a foothold

QRadar EDR's Nano OS runs outside of the operating system to be undetectable and provide deep insight into processes and apps on endpoints 

Question 5

Correct

Points out of 1.00

Does QRadar support Sigma SIEM rules?

Yes, it supports the alpha format


Yes, over 3000 are included out of the box 
Yes, if you create them using a custom parser
No


Question 6

Correct

Points out of 1.00

A large prospective client is deciding between Palo Alto and QRadar SIEM as their SIEM solution. The client wants a solution flexible enough to be deployed on Amazon Web Services as well as on-premise. How can you position QRadar to address the client's requirements?

QRadar can only be deployed on-premise and on IBM Cloud

QRadar runs on all major cloud platforms as well as on-prem, while Palo Alto does not have a SIEM 

QRadar runs on cloud with a custom hypervisor and it also supports on-premise deployments

QRadar can only be deployed on-premise, so this opportunity is not ideal for IBM

Question 7

Correct

Points out of 1.00

Which QRadar solution supports Kusto Query Language (KQL) and integrates with Grafana dashboards?

QRadar Log Insights 

Randori Attack Surface Management

QRadar SOAR

QRadar EDR


Question 8

Correct

Points out of 1.00

A large prospective client is considering both Microsoft Sentinel and QRadar SIEM as their Security Information and Event Management (SIEM) solution. The client wants to have a solution that supports many log sources and can automatically correlate and detect anomalous behavior. How do you position QRadar to address the client’s requirements?

QRadar can integrate with any SOAR solution

Walk away from the opportunity as Microsoft has more data connectors via parsers and scripts than QRadar SIEM

QRadar SIEM comes with over 500 out-of-the-box log adapters and apps, a correlation rules engine to detect threats automatically, and user and entity behavior analytics 

QRadar’s Expert Labs team can customize security solutions for the client

Question 9

Correct

Points out of 1.00

The client tells you they are looking for a unified enterprise logging solution for Security with high performance search. How do you respond?

QRadar SIEM is the industry standard for detecting advanced threats

QRadar Log Insights is purpose-built for this use case and includes features for flexible data retention, elastic scalability, and integrated threat analysis 

QRadar XDR delivers alert correlation, automated investigation, and recommended responses across many domains

QRadar SOAR is perfect for this use case and can respond faster by bringing in alerts from disparate data sources to work on a single dashboard


Question 10

Correct

Points out of 1.00

Your prospective client is very excited about the Unified Analyst Experience. What QRadar solutions should you position?

QRadar SIEM only at this time

QRadar XDR, QRadar Log Insights, QRadar SIEM, and QRadar SOAR all available on Amazon Web Services 

QRadar EDR and QRadar XDR

QRadar SIEM and QRadar SOAR deployed on Cloud Pak for Security

Question 11

Correct

Points out of 1.00

How does Gartner define the Security Information and Event Management (SIEM) market?

A globally-accessible knowledge base of adversary tactics, techniques, and procedures that are based on real-world observations

SIEM is intelligent log management, optimizing data storage, and powerful data retention

Extended Detection and Response products reduce the total cost of managing security incidents, improve incident response teams’ efficiency and improve an organization’s risk posture

The customer’s need to analyze event data in real time for early detection of targeted attacks and data breaches, and to collect, store, investigate and report on log data for incident response, forensics and regulatory compliance 


Question 12

Correct

Points out of 1.00

A prospective IBM client is extremely concerned about countering the threat of ransomware. Which IBM Security product should you position to address these concerns?

BigFix
QRadar SIEM
QRadar SOAR
QRadar EDR 

Question 13

Correct

Points out of 1.00

Which IBM QRadar Suite competitor is strongest in Network Detection and Response?

Devo
Splunk

Palo Alto 
Microsoft Sentinel

Question 14

Correct

Points out of 1.00

The latest Gartner Magic Quadrant report showed some significant shifts. Which competitor has become strong in the leader quadrant?

Rapid 7
Microsoft Sentinel 
LogRhythm
Fortinet


Question 15

Correct

Points out of 1.00

You are discussing QRadar SIEM with an existing on-premise client and they love the threat investigation automation built-in to the Unified Analyst Experience. How can they start using this capability today?

Switch to QRadar Log Insights

Threat Investigator is built-in to XDR Connect too that is available to on-premise QRadar SIEM and SOAR clients 

Unified Analyst Experience (UAX) is not available to on-premise QRadar SIEM clients

Unified Analyst Experience (UAX) is only available on Amazon Web Services

Question 16

Correct

Points out of 1.00

What combination of QRadar Suite solutions empowers a client to automatically collect and group events from across the endpoint ecosystem, consolidate them into high-fidelity alerts, and then auto-create a case that visualizes threat activity directly from one dashboard?

QRadar EDR, QRadar SIEM, and QRadar SOAR 

QRadar SIEM and QRadar SOAR

QRadar SOAR

Randori Attack Surface Management and QRadar EDR


Question 17

Correct

Points out of 1.00

A client is planning on acquiring several QRadar solutions on Amazon Web Services, including SIEM and SOAR, and they are interested in providing a single pane of glass console to their analysts, along with automated investigations. How does QRadar support this?

The Unified Analyst Experience shared across QRadar solutions with automated investigation 

QRadar EDR

QRadar Automated Investigator

QRadar XDR

Question 18

Correct

Points out of 1.00

A client expresses their frustration with spending too much time and money complying with regulatory reporting requirements related to a recent breach. Which IBM product should you introduce to help them with this problem?

QRadar EDR
QRadar SOAR 
QRadar SIEM
QRadar Unified Analyst Experience


Question 19

Correct

Points out of 1.00

What is the continuous process of discovering, classifying, and assessing the security of an organization's assets and then approaching security tasks from an attacker's perspective?

Attack Surface Management 

Incident Forensics
eXtended Detection and Response
Threat Detection and Response

Question 20

Correct

Points out of 1.00

A client has been reading about the new QRadar Suite and asks you which products and offerings comprise the key components of IBM's threat detection and response offerings on Amazon Web Services. How do you respond?

Cloud Pak for Security, Threat Intelligence Insights, Threat Investigator, QRadar EDR, QRadar SIEM

Identity and Access Management, Guardium, Trusteer and Verify

QRadar EDR, QRadar XDR, QRadar Log Insights, QRadar SIEM, and QRadar SOAR 

QRadar EDR, Threat Intelligence, QRadar SOAR, Unified Analyst Experience


Question 21

Incorrect

Points out of 1.00

You are competing against Splunk. The client has already deployed Splunk widely for log management. Security data will be easy to add-on and manage. How can you counter this perception?

QRadar SIEM is the industry standard for detecting advanced threats in the enterprise for 10 years 

Ingesting more data into Splunk is very expensive compared to IBM. Security use cases are an additional cost and Splunk does not support real-time network detection

Splunk is billed on the number of users on the system

QRadar SOAR has prebuilt integrations for a broad ecosystem of 300+ connectors

Question 22

Correct

Points out of 1.00

As of 2022, how many years has QRadar SIEM been listed as a leader in the Gartner Magic Quadrant?

13 

5
7

10


Question 23

Correct

Points out of 1.00

According to ESG, what percentage of organizations struggle to detect and respond to advanced threats?

66%
51% 

29%
80%

Question 24

Correct

Points out of 1.00

A happy QRadar SIEM client is evaluating EDR solutions, including Exabeam and Crowdstrike, and they ask you for a recommendation on which to choose. What do you tell them?

Exabeam and Crowdstrike are inferior EDR products and they should only consider QRadar EDR

Research has shown that EDR is an immature technology and we recommend that clients take a wait-and-see attitude for now

QRadar EDR is the only solution that will work with QRadar SIEM

QRadar can work with virtually any endpoint detection and response solution, including Exabeam and Crowdstrike, but they should also take a look at QRadar EDR and QRadar XDR solutions 


Question 25

Correct

Points out of 1.00

According to a Forrester Total Economic Impact study, how much can QRadar reduce the risk of a security incident?

Half
75% 

80%
52%
