Number of questions: 60
Number of questions to pass: 38
The test consists of 5 sections containing a total of approximately 60 multiple-choice questions. The percentages after each section title reflect the approximate distribution of the total question set across the sections.
Section 1: Monitor outputs of configured use cases – 15%
Section 2: Perform initial investigation of alerts and offenses created by QRadar – 35%
Section 3: Identify and escalate undesirable rule behavior to administrator – 20%
Section 4: Extract information for regular or adhoc distribution to consumer of outputs – 17%
Section 5: Identify and escalate issues with regards to QRadar health and functionality – 13%