IBM QRadar Certified Administrator/Analyst
Practice exams to obtain the IBM QRadar Certified Administrator/Analyst certification (100 QUESTIONS!)
What you will learn
Offense and log analysis
Understanding reference data
Rule and building block understanding
Searching and reporting, regular and ad hoc reports
Understanding basic QRadar tuning and network hierarchy
Basic concepts of multi-domain QRadar instances
Why take this course?
This intermediate level certification is intended for security analysts who wish to validate their comprehensive knowledge of IBM Security QRadar SIEM V7.4.3+.
These security analysts will understand basic networking, basic IT security, SIEM and QRadar concepts. They will also understand how to log in to, navigate within, and explain the capabilities of the product using the graphical user interface. Additionally, they will be able to identify the causes of offenses, and to access, interpret, and report security information in a QRadar deployment.
Recommended Skills
Prerequisite Knowledge
Knowledge and foundational skills one must possess before acquiring skills measured on the certification test. These foundational skills are NOT measured on the test.
Knowledge of SIEM concepts
Knowledge of TCP/IP Networking
Knowledge of IT Security concepts
General IT skills (browser navigation, etc.)
Knowledge of Internet security attack types, including but not limited to the MITRE ATT&CK Framework
Awareness of features that require additional licenses, including but not limited to QRadar Network Insights and QRadar Incident Forensics
Key Areas of Competency
Offense and log analysis
Understanding reference data
Rule and building block understanding
Searching and reporting, regular and ad hoc reports
Understanding basic QRadar tuning and network hierarchy
Basic concepts of multi-domain QRadar instances
Details:
Triage an initial offense
Analyze fully matched and partially matched rules
Analyze an offense and associated IP addresses
Recognize MITRE threat groups and actors
Perform offense management
Describe the use of the magnitude of an offense
Identify events not correctly parsed and their source (Stored events)
Outline simple offense naming mechanisms
Create customized searches
Interpret rules that test for regular expressions
Create and manage reference sets and populate them with data
Install QRadar Content Packs using the QRadar Assistant App
Analyze rules that use Event and Flow data
Analyze Building Blocks: Host definition, Category definition, Port definition
Review and recommend updates to the network hierarchy
Review and recommend updates to building blocks and rules
Describe the different types of rules, including behavioral, anomaly and threshold rules
Investigate Event and Flow parameters
Perform AQL queries
Search & filter logs by specific log source type
Configure a search to utilize time series
Analyze potential IoCs
Break down triggered rules to identify the reason for the offense
Recommend changes to tune QRadar SIEM after offense analysis identifies issues
Distinguish potential threats from probable false positives
Add a reference set based filter in log analysis
Investigate the payload for additional details on the offense
Recommend adding new custom properties based on payload data
Perform "right-click Investigations" on offense data
Use the default QRadar dashboard to create, view, and maintain a dashboard based on common searches
Use Pulse to create, view, and maintain a dashboard based on common searches
Perform an advanced search
Explain the different uses for each search type
Filter search results
Build threat reports
Perform a quick search
View the most commonly triggered rules
Report events correlated in the offense
Export search results as CSV or XML
Create reports and advanced reports out of offenses
Share reports with users
Search using indexed and non-indexed properties
Create and generate scheduled and manual reports
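Several of the competencies above (performing AQL queries, adding a reference set based filter to log analysis, interpreting regular expression tests, searching by log source type, and searching on indexed versus non-indexed properties) come together in one Ariel Query Language search. The query below is an added example written for this page; it is not material from the course or from IBM. It assumes a reference set named 'Watchlist IPs' (a hypothetical name) populated with suspicious source addresses, and Windows security events arriving through the Microsoft Windows Security Event Log log source type. It is shown as it would be pasted into the Advanced Search box of the Log Activity tab.

```sql
SELECT
    LOGSOURCENAME(logsourceid) AS log_source,
    LOGSOURCETYPENAME(devicetype) AS log_source_type,
    QIDNAME(qid) AS event_name,
    CATEGORYNAME(category) AS low_level_category,
    sourceip,
    username,
    SUM(eventcount) AS matching_events
FROM events
WHERE
    REFERENCESETCONTAINS('Watchlist IPs', sourceip)
    AND LOGSOURCETYPENAME(devicetype) = 'Microsoft Windows Security Event Log'
    AND UTF8(payload) MATCHES '(?is).*logon.*fail.*'
GROUP BY logsourceid, devicetype, qid, category, sourceip, username
ORDER BY matching_events DESC
LIMIT 50
LAST 24 HOURS
```

Reading the query the way an exam question would: REFERENCESETCONTAINS applies the reference set filter, so the result shrinks automatically as analysts add addresses to 'Watchlist IPs' without anyone editing the search; the devicetype comparison restricts the search to one log source type; and MATCHES applies a Java regular expression that, as in QRadar rule tests, must match the whole string, which is why the pattern is wrapped in `.*` and uses `(?is)` for case-insensitive matching across line breaks. The reference set and log source type tests run against indexed properties and narrow the candidate events early; the payload regex is a non-indexed test evaluated against the raw payload of every remaining event, so it belongs last and on an already narrowed set. Replace the regex with a match on a custom property extracted from the payload once the field is worth extracting, which is what the "recommend adding new custom properties based on payload data" objective is about.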