HP ArcSight Security Solutions v6.0

Page:    1 / 4   
Exam contains 65 questions

What is a reporting enhancement in ArcSight Express release 4.0?

  • A. Ability to include more than one chart type in a report
  • B. Ability to define non ESM users as recipients, and create a report once and distribute it to multiple recipients
  • C. Ability to generate reports of list members
  • D. Ability to generate reports of trend data

Answer : B


Which ArcSight solution delivers ArcSight content to add specific compliance or standard requirements such as PCI and Sarbanes-Oxley (SOX)?

  • A. Compliance Insight Package
  • B. ArcSight Resource Collector
  • C. ArcSight Update Package
  • D. ArcSight Package Bundle

Answer : A


What is CIP an acronym for?

  • A. Collector Intrusion Package
  • B. Compliance Insight Package
  • C. Correlation Incursion Package
  • D. Component Instruction Package

Answer : B

Reference: http://www.flashcardmachine.com/arcsight-esm.html

Which feature of ArcSight SmartConnectors reduces the quantity of events sent to the ESM?

  • A. Normalization
  • B. Host name lookup
  • C. Categorization
  • D. Aggregation

Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf (See page #04, line #05).

What is the main purpose of the ArcSight ESM Query Viewer resource?

  • A. To view both SQL queries and reports in a dashboard
  • B. To view quick, high-level summaries of security events
  • C. To get low-level detailed event activities
  • D. To view and edit the underlying SQL queries

Answer : B

Reference: http://www.hpenterprisesecurity.com/collateral/protect2012/HP_Protect_2012_Sessions.pdf

What are the features that allow you to use ArcSight Logger throughout your network?

  • A. Logger has pre-packaged content with forensics on-the-fly capability.
  • B. Logger allows you to deploy a single solution to manage all log data across your enterprise.
  • C. Logger uses a pattern matching and anomaly detection system to find very subtle and sophisticated threats.
  • D. Logger has two deployment options with a detached database.

Answer : A


Which statement is correct?

  • A. ArcSight Logger event schema is different from the ESM event schema
  • B. ArcSight Logger receives events from Connectors rather than from raw events
  • C. ArcSight Logger cannot compress data.
  • D. ArcSight Logger must be used together with an ArcSight ESM

Answer : B

What is ArcSight Express?

  • A. An appliance that builds and maintains a detailed understanding of your network's topology, enabling you to centrally manage your infrastructure
  • B. An appliance used for long-term log data retention and forensics, with very high throughput
  • C. An appliance to host and manage multiple SmartConnectors in a single device
  • D. An appliance combining ESM functionality with an easy-to-deploy security monitoring and response system

Answer : C

Reference: http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/index.html

How are CIPs licensed?

  • A. CIPs are included as standard in Logger
  • B. CIPs are additional, paid for components.
  • C. CIPs are included as standard in Connector Appliance
  • D. CIPs are included as standard in ESM

Answer : A

Which database management system technology is utilized by the ArcSight ESM 6.5c?

  • A. DB2
  • B. CORR-Engine
  • C. SQL Server Express Edition
  • D. Oracle 10g

Answer : B


What are functions of a SmartConnector? (Select two)

  • A. Collecting data from a source device
  • B. Parsing and normalizing events
  • C. Long-term storage repository for events
  • D. Performing correlation evaluation
  • E. Discovering day-zero attacks

Answer : AB

Reference: http://ijecs.in/issue/v3-i4/20%20ijecs.pdf (See page #02).

Which statement is correct?

  • A. SmartConnectors cannot execute commands.
  • B. SmartConnector installers are operating system independent
  • C. SmartConnectors use the Event Category Model to describe normalized events
  • D. SmartConnectors correlate events from raw data.

Answer : C

Reference: http://h20195.www2.hp.com/V2/getpdf.aspx/4AA5-1975ENW.pdf (See the Overview, 2nd and 3rd paragraphs).

The ArcSight ESM collects, normalizes, aggregates, and filters millions of what?

  • A. Intrusions
  • B. Transactions
  • C. Packets
  • D. Log events

Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf

What is the most important reason or benefit for customers to use ArcSight ESM?

  • A. Events correlation
  • B. Raw data storage
  • C. Events aggregation
  • D. Central management of connectors

Answer : D

Which ESM component does the Event Priority Evaluation and Asset Model look up?

  • A. ESM console
  • B. CORR engine
  • C. SmartConnectors
  • D. ESM manager

Answer : C
