HP ArcSight Security Solutions v6.0

Page:    1 / 4   
Exam contains 60 questions

What is a reporting enhancement in ArcSight Express release 4.0?

  • A. Ability to include more than one chart type in a report
  • B. Ability to define non ESM users as recipients, and create a report once and distribute it to multiple recipients
  • C. Ability to generate reports of list members
  • D. Ability to generate reports of trend data


Answer : B

Reference: http://www.computerlinks.com/fms/23622.hp_arcsight_express_4_0.pdf

Which ArcSight solution delivers ArcSight content to add specific compliance or standard requirements such as PCI and Sarbanes-Oxley (SOX)?

  • A. Compliance Insight Package
  • B. ArcSight Resource Collector
  • C. ArcSight Update Package
  • D. ArcSight Package Bundle


Answer : A

Reference: http://www8.hp.com/us/en/software-solutions/software.html?compURI=1340221#.VLNR79LF_Ws

What is CIP an acronym for?

  • A. Collector Intrusion Package
  • B. Compliance Insight Package
  • C. Correlation Incursion Package
  • D. Component Instruction Package


Answer : B

Reference: http://www.flashcardmachine.com/arcsight-esm.html

Which feature of ArcSight SmartConnectors reduces the quantity of events sent to the ESM Manager?

  • A. Normalization
  • B. Host name lookup
  • C. Categorization
  • D. Aggregation


Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf (see page #04, line #05).

What is the main purpose of the ArcSight ESM Query Viewer resource?

  • A. To view both SQL queries and reports in a dashboard
  • B. To view quick, high-level summaries of security events
  • C. To get low-level detailed event activities
  • D. To view and edit the underlying SQL queries


Answer : B

Reference: http://www.hpenterprisesecurity.com/collateral/protect2012/HP_Protect_2012_Sessions.pdf

What are the features that allow you to use ArcSight Logger throughout your network?

  • A. Logger has pre-packaged content with forensics on-the-fly capability.
  • B. Logger allows you to deploy a single solution to manage all log data across your enterprise.
  • C. Logger uses a pattern matching and anomaly detection system to find very subtle and sophisticated threats.
  • D. Logger has two deployment options with a detached database.


Answer : A

Reference: https://www.scribd.com/doc/231540875/Arcsight-Complete-Overview

Which statement is correct?

  • A. ArcSight Logger event schema is different from the ESM event schema
  • B. ArcSight Logger receives events from Connectors rather than from raw events
  • C. ArcSight Logger cannot compress data.
  • D. ArcSight Logger must be used together with an ArcSight ESM


Answer : B

What is ArcSight Express?

  • A. An appliance that builds and maintains a detailed understanding of your network's topology, enabling you to centrally manage your infrastructure
  • B. An appliance used for long-term log data retention and forensics, with very high throughput
  • C. An appliance to host and manage multiple SmartConnectors in a single device
  • D. An appliance combining ESM functionality with an easy-to-deploy security monitoring and response system


Answer : C

Reference: http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/index.html

How are CIPs licensed?

  • A. CIPs are included as standard in Logger
  • B. CIPs are additional, paid for components.
  • C. CIPs are included as standard in Connector Appliance
  • D. CIPs are included as standard in ESM


Answer : A

Which database management system technology is utilized by the ArcSight ESM 6.5c?

  • A. DB2
  • B. CORR-Engine
  • C. SQL Server Express Edition
  • D. Oracle 10g


Answer : B

Reference: https://www.linkedin.com/pub/roger-linnenburger/65/179/a3b

What are functions of a SmartConnector? (Select two)

  • A. Collecting data from a source device
  • B. Parsing and normalizing events
  • C. Long-term storage repository for events
  • D. Performing correlation evaluation
  • E. Discovering day-zero attacks


Answer : A,B

Reference: http://ijecs.in/issue/v3-i4/20%20ijecs.pdf (see page #02).

Which statement is correct?

  • A. SmartConnectors cannot execute commands.
  • B. SmartConnector installers are operating system independent
  • C. SmartConnectors use the Event Category Model to describe normalized events
  • D. SmartConnectors correlate events from raw data.


Answer : C

Reference: http://h20195.www2.hp.com/V2/getpdf.aspx/4AA5-1975ENW.pdf (see the Overview, 2nd and 3rd paragraphs).

The ArcSight ESM collects, normalizes, aggregates, and filters millions of what?

  • A. Intrusions
  • B. Transactions
  • C. Packets
  • D. Log events


Answer : D

Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-government/sbaGov_arcsightDguide.pdf

What is the most important reason or benefit for customers to use ArcSight ESM?

  • A. Events correlation
  • B. Raw data storage
  • C. Events aggregation
  • D. Central management of connectors


Answer : D

Which ESM component does the Event Priority Evaluation and Asset Model look up?

  • A. ESM console
  • B. CORR engine
  • C. SmartConnectors
  • D. ESM manager


Answer : C
