HP ArcSight Security Solutions v6.0

Page:    1 / 4   
Exam contains 60 questions

What is a reporting enhancement in ArcSight Express release 4.0?

  • A. Ability to include more than one chart type in a report
  • B. Ability to define non ESM users as recipients, and create a report once and distribute it to multiple recipients
  • C. Ability to generate reports of list members
  • D. Ability to generate reports of trend data

Answer : B


Which ArcSight solution delivers ArcSight content to add specific compliance or standard requirements such as PCI and Sarbanes-Oxley (SOX)?

  • A. Compliance Insight Package
  • B. ArcSight Resource Collector
  • C. ArcSight Update Package
  • D. ArcSight Package Bundle

Answer : A


What is CIP an acronym for?

  • A. Collector Intrusion Package
  • B. Compliance Insight Package
  • C. Correlation Incursion Package
  • D. Component Instruction Package

Answer : B

Reference: http://www.flashcardmachine.com/arcsight-esm.html

Which feature of ArcSight SmartConnectors reduces the quantity of events sent to the ESM?

  • A. Normalization
  • B. Host name lookup
  • C. Categorization
  • D. Aggregation

Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf (See the page #04 line #05).

What is the main purpose of the ArcSight ESM Query Viewer resource?

  • A. To view both SQL queries and reports in a dashboard
  • B. To view quick, high-level summaries of security events
  • C. To get low-level detailed event activities
  • D. To view and edit the underlying SQL queries

Answer : B

Reference: http://www.hpenterprisesecurity.com/collateral/protect2012/HP_Protect_2012_Sessions.pdf

What are the features that allow you to use ArcSight Logger throughout your network?

  • A. Logger has pre-packaged content with forensics on-the-fly capability.
  • B. Logger allows you to deploy a single solution to manage all log data across your enterprise.
  • C. Logger uses a pattern matching and anomaly detection system to find very subtle and sophisticated threats.
  • D. Logger has two deployment options with a detached database.

Answer : A


Which statement is correct?

  • A. ArcSight Logger event schema is different from the ESM event schema
  • B. ArcSight Logger receives events from Connectors rather than from raw events
  • C. ArcSight Logger cannot compress data.
  • D. ArcSight Logger must be used together with an ArcSight ESM

Answer : B

What is ArcSight Express?

  • A. An appliance that builds and maintains a detailed understanding of your network's topology, enabling you to centrally manage your infrastructure
  • B. An appliance used for long-term log data retention and forensics, with very high throughput
  • C. An appliance to host and manage multiple SmartConnectors in a single device
  • D. An appliance combining ESM functionality with an easy-to-deploy security monitoring and response system

Answer : C

Reference: http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/index.html

How are CIPs licensed?

  • A. CIPs are included as standard in Logger
  • B. CIPs are additional, paid for components.
  • C. CIPs are included as standard in Connector Appliance
  • D. CIPs are included as standard in ESM

Answer : A

Which database management system technology is utilized by the ArcSight ESM 6.5c?

  • A. DB2
  • B. CORR-Engine
  • C. SQL Server Express Edition
  • D. Oracle 10g

Answer : B


What are functions of a SmartConnector? (Select two)

  • A. Collecting data from a source device
  • B. Parsing and normalizing events
  • C. Long-term storage repository for events
  • D. Performing correlation evaluation
  • E. Discovering day-zero attacks

Answer : A,B

Reference: http://ijecs.in/issue/v3-i4/20%20ijecs.pdf (See the Page #02).

Which statement is correct?

  • A. SmartConnectors cannot execute commands.
  • B. SmartConnector installers are operating system independent
  • C. SmartConnectors use the Event Category Model to describe normalized events
  • D. SmartConnectors correlate events from raw data.

Answer : C

Reference: http://h20195.www2.hp.com/V2/getpdf.aspx/4AA5-1975ENW.pdf (See the Overview 2nd and 3rd paragraph).

The ArcSight ESM collects, normalizes, aggregates, and filters millions of what?

  • A. Intrusions
  • B. Transactions
  • C. Packets
  • D. Log events

Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf

What is the most important reason or benefit for customers to use ArcSight ESM?

  • A. Events correlation
  • B. Raw data storage
  • C. Events aggregation
  • D. Central management of connectors

Answer : D

Which ESM component does the Event Priority Evaluation and Asset Model look up?

  • A. ESM console
  • B. CORR engine
  • C. SmartConnectors
  • D. ESM manager

Answer : C
