QRadar SOAR PoX product education
quiz [SOAR PoX L4]
You must receive a score of 75% or higher on the quiz to complete the course.
Started on Wednesday, February 21, 2024, 9:17 AM
State Finished
Completed on Wednesday, February 21, 2024, 9:27 AM
Time taken 9 mins 50 secs
Feedback Congratulations, you passed the quiz!

Question 1 (Correct; points out of 1.00)
When an incident is closed without any human interaction, what type of closure is complete?
User closure
Manual closure
Auto closure
System closure

Question 2 (Incorrect; points out of 1.00)
When creating an incident, the location field is commonly left blank. What is the reason for this field being left blank?
The location is only required when involving law enforcement officials.
The location is unknown to the organization.
The location is often considered personally identifiable information.
The location is known, but this information is not important.

Question 3 (Correct; points out of 1.00)
Looking at the Global Artifacts tab, the IP address "192.168.42.110" displays a related incident count of 0. Which statement is true about this artifact?
The artifact is included in the Global Artifacts tab and Incident Artifacts tab.
The artifact is not related to an incident and represents a stand-alone artifact.
The artifact is related to an incident and represents an incident artifact.
This artifact cannot be included in any incident.

Question 4 (Correct; points out of 1.00)
When an app is added into the QRadar SOAR Platform, what is automatically configured for each app?
Functions
Workflows
Message Destinations
Scripts

Question 5 (Correct; points out of 1.00)
When creating a playbook, which settings are a valid combination in the Activation details pane?
Activation type = Automatic and Object type = Threat Intelligence
Activation type = Automatic and Object type = Manual
Activation type = Automatic and Object type = Milestone
Activation type = Attachment and Object type = Artifact

Question 6 (Correct; points out of 1.00)
To configure inbound email integration in QRadar SOAR, three protocols are supported. Which of the following protocols can be used as one of the options?
Post Office Protocol version 3 (POP3)
Messaging Application Programming Interface (MAPI)
Multipurpose Internet Mail Extensions (MIME)
Internet message access protocol (IMAP)

Question 7 (Correct; points out of 1.00)
Before creating the App Host instance, a user must create the App Host pairing. Which step is correct when pairing an App Host?
A user must copy the unique pairing code and paste it on the QRadar SOAR Apps page.
A user must copy the unique pairing code to the clipboard and paste it on the App Host command line.
Create a yum repository called apphost_optional.
A user must create a unique pairing code and paste it in the Add App Host window.

Question 8 (Correct; points out of 1.00)
Adding new users to the QRadar SOAR organization can be achieved in two ways. One way is to use the command line interface. What is the other option to add additional users?
Invite users using email on the Users tab.
Add users using the Add User dialog on the Users tab.
Add users using the Add User dialog on the Organization tab.
Because users must be a member of a group, users are added using the Group Details dialog.

Question 9 (Correct; points out of 1.00)
When creating a playbook, you want to wait for branches to be finished before continuing the playbook process. What element do you use?
Create two parallel lines to the next element on the process
A script
A Wait point
A Timer function

Question 10 (Incorrect; points out of 1.00)
After you complete the QRadar SOAR installation, you must create a system administrator user account. Which command is used to create the initial user account in QRadar SOAR?
sudo resutil create user
sudo resutil new user
sudo resutil -create new user
sudo resilient new user

Question 11 (Correct; points out of 1.00)
When a user adds an additional regulator to the incident using the Breach tab, what other change occurs automatically?
A new widget is added to the Analytics dashboard.
A new member is assigned to the incident.
A new Artifact is added to the incident.
A new task is added to the incident.

Question 12 (Incorrect; points out of 1.00)
When a user is working with QRadar SOAR dashboards, what is the purpose of the Activity dashboard?
It is the default page of QRadar SOAR that includes charts and tables that measure incidents over time.
It is the default page of QRadar SOAR that includes the same features as an incident's task tab organized in the timeline.
It is the default page of QRadar SOAR that includes a running news feed, tasks due soon, and generated downloads.
It is the default page of QRadar SOAR that includes key metrics to help security teams measure team efficiency.

Question 13 (Correct; points out of 1.00)
In the QRadar SOAR interface, where can a user invite additional users with the email invitation?
Administrator settings
Outbound email settings
User settings
Customization settings

Question 14 (Correct; points out of 1.00)
You have decided to customize your Analytics Dashboard by adding a custom HTML-based graph. Which custom widget allows users to create HTML code and CSS to add images and text to the dashboard?
Incident HTML Block
Custom CSS Block
Custom HTML Block
Incident CSS Block

Question 15 (Correct; points out of 1.00)
What is the central element in QRadar SOAR, coordinating various security tools and processes for streamlined operations?
Automation
App Host
Orchestration
Response

Question 16 (Correct; points out of 1.00)
To install an App Host, which installation option(s) are available?
Virtual appliance, virtual appliance in an air-gapped environment, standalone software, standalone software in an air-gapped environment
Virtual appliance and standalone software
Only virtual appliance
Virtual appliance and virtual appliance in an air-gapped environment

Question 17 (Correct; points out of 1.00)
The administrator can customize many layout options for the SOAR platform. What is the purpose of these customizations?
The purpose is to limit the interaction between security teams.
The purpose is to allow an organization to collect the proper information during incident creation.
The purpose is to collect the least amount of information possible.
The purpose is to collect the most information possible.

Question 18 (Correct; points out of 1.00)
An analyst is reviewing the incident task list. When hovering the mouse over the clipboard icon, a pop-up displays how the task was created. Which of the following are classifications of who created the task?
Default and API
System and User
API and System
User and API

Question 19 (Correct; points out of 1.00)
Hyperlinked on the Activity Dashboard, what is the Resource Library?
A detailed database where users can learn more about creating apps and integrating them with the QRadar SOAR Platform.
A list of incident reports that are available for you to download.
A centralized database that includes breach notification statuses, regulations, trade organization bulletins, and guidance documents.
Documentation that shares all the information about QRadar SOAR capabilities.

Question 20 (Correct; points out of 1.00)
What is an orchestration technology solution that provides a flexible framework for a tailored response, crucial for sophisticated, multi-step security events?
Case management system
Playbook
App Host
Ticketing system