HP ArcSight ESM 6.5 Security Administrator and Analyst v6.0

Page:    1 / 12   
Exam contains 179 questions

In network modeling, what is a set of nodes with similar characteristics that have IPs enumerated one after the other?

  • A. IP group
  • B. asset group
  • C. asset range
  • D. IP range

Answer : C

Which document provides the most detailed instructions for applying an Oracle CPU?

  • A. Oracle CPU release notes
  • B. ArcSight ESM Administrator's Guide
  • C. Opatch Readme file
  • D. ArcSight ESM Installation Guide

Answer : A

By default, which TCP/IP port is used by ArcSight Command Center to communicate with a web browser client?

  • A. 1521
  • B. 9443
  • C. 8443
  • D. 443

Answer : C

http://eromang.zataz.com/2011/06/26/arcsight-logger-and-smartconnectors-questions-and-answers/

Which ArcSight Solution works as a GPS for privileged user activity that identifies unusual behavior?

  • A. ThreatDetector
  • B. Pattern Discovery
  • C. IdentityView
  • D. IdentityCorrelation

Answer : C

Which statement best describes how baselines are established and used in Query Viewer?

  • A. Baselines are created using query results, which are fed into the Image Editor for filtering and display in the related Data Monitor.
  • B. Baselines are created using rules. After the rule is triggered, the resulting action establishes a baseline against which future rules are evaluated in the Query Viewer.
  • C. Baselines are created using query results. When a query has one or more baselines available, you can compare the current results with a baseline.
  • D. Baselines are created using query results. The baseline from the query is used to create a new field set definition that can be run against future events.

Answer : C

Which Event Schema group contains the data fields that describe the connector reporting an event?

  • A. Event
  • B. Device
  • C. Source
  • D. Agent

Answer : D
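The Agent/Device distinction behind this question is easiest to see on a wire-format event. The following is an added example, not code from the exam or from ArcSight: it parses a constructed CEF record of the kind a SmartConnector forwards to the Manager and sorts the extension keys into the schema groups they populate. The CEF key names (agt, ahost, at, aid, dvc, dvchost, src, dst, ...) are the standard CEF extension dictionary names; the subset listed in SCHEMA_GROUPS and the sample values are assumptions made for the example.

```python
import re
from ipaddress import ip_address

# Constructed sample event in CEF as a SmartConnector would forward it. The agent
# fields (agt, ahost, at, aid) are stamped by the connector; dvc/dvchost name the
# device that actually produced the event.
SAMPLE_CEF = (
    "CEF:0|Cisco|ASA|9.1|106023|Deny tcp src outside|5|"
    "src=203.0.113.7 spt=51234 dst=10.1.2.3 dpt=22 proto=TCP "
    "dvc=10.0.0.1 dvchost=fw-edge-01 "
    "agt=10.0.5.20 ahost=conn-syslog-01 at=syslog aid=3jZ9kTQABABCD "
    "msg=Deny tcp src outside\\=1"
)

HEADER_FIELDS = ["version", "deviceVendor", "deviceProduct", "deviceVersion",
                 "deviceEventClassId", "name", "severity"]

# Subset of CEF keys mapped to the event-schema group they populate (assumed mapping
# for this example); anything not listed is reported under "Other".
SCHEMA_GROUPS = {
    "Agent":  {"agt", "ahost", "aid", "at", "av", "atz", "art"},
    "Device": {"dvc", "dvchost", "deviceVendor", "deviceProduct", "deviceVersion",
               "deviceEventClassId"},
    "Source": {"src", "spt", "shost", "suser", "smac"},
    "Target": {"dst", "dpt", "dhost", "duser", "dmac"},
    "Event":  {"version", "name", "severity", "msg", "proto", "rt", "start", "end"},
}

_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape(text: str) -> str:
    # CEF escapes: \| in the header, \= in extension values, \\ everywhere, \n and \r.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)


def parse_cef(line: str) -> dict:
    """Split a CEF record into a flat dict of header fields plus extension key/values."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)   # split on unescaped pipes only
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF:n record with seven header fields")
    parts[0] = parts[0][len("CEF:"):]
    event = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, parts[:7])}
    ext = parts[7]
    # Extension values may contain spaces, so locate the keys first ("key=" preceded by
    # start-of-string or whitespace) and take the text between consecutive keys as the value.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for i, m in enumerate(keys):
        stop = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():stop].strip())
    return event


def by_schema_group(event: dict) -> dict:
    """Bucket parsed fields by schema group: Agent, Device, Source, Target, Event, Other."""
    grouped = {g: {} for g in list(SCHEMA_GROUPS) + ["Other"]}
    for key, value in event.items():
        group = next((g for g, ks in SCHEMA_GROUPS.items() if key in ks), "Other")
        grouped[group][key] = value
    return grouped


def agent_fields(line: str) -> dict:
    """The Agent group: who reported the event, as opposed to the Device that produced it."""
    agent = by_schema_group(parse_cef(line))["Agent"]
    if "agt" in agent:
        ip_address(agent["agt"])  # ValueError if the connector stamped a malformed address
    return agent


if __name__ == "__main__":
    for group, fields in by_schema_group(parse_cef(SAMPLE_CEF)).items():
        print(f"{group:7s} {fields}")
```

Running the block prints one line per group; the Device group carries the ASA's own address and hostname while the Agent group carries the syslog connector's, which is the distinction the question is testing.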

What is a function of the Variable GetSessionData?

  • A. retrieves data fields from a Session List
  • B. sends session details to the ArcSight Manager
  • C. populates a Session List
  • D. investigates session details in the audit log

Answer : A

What do you use to establish identity, ownership, and criticality of the assets you have installed on your network?

  • A. asset types
  • B. asset groups
  • C. asset categories
  • D. asset ranges

Answer : C

What are potential ways of acknowledging notifications? (Select two.)

  • A. by replying to notification email
  • B. by calling in to the notification response hotline
  • C. by sending email to SysAdmin
  • D. by using the Notifications Manager in the ArcSight Console

Answer : A,D

What happens when a Connector upgrade that was initiated from within the ArcSight Console fails?

  • A. The Connector automatically rolls back to the previously working version.
  • B. The Connector does not respond to the failed upgrade.
  • C. The Connector reports to the Manager that the upgrade failed and then died.
  • D. The Connector automatically attempts the upgrade again.

Answer : A

What is the primary function of the ArcSight Manager?

  • A. It accepts correlated, prioritized events from SmartConnectors with instructions from the ArcSight Console, and writes events to the database.
  • B. It manages bottlenecks between the connectors, the ArcSight Console, and the ESM Database.
  • C. It writes incoming events to the database while simultaneously processing events through the Correlation engine.
  • D. It restores the rule definitions that drive the functioning of ArcSight ESM.

Answer : C

Why would you lock a Case?

  • A. to close and archive a Case
  • B. to prevent others from modifying the Case while you edit or attach something to the Case
  • C. to prevent the Case from being seen in the Resource List
  • D. to preserve the state of the Case

Answer : B

Which three attributes are used to describe an Asset Model?

  • A. vulnerabilities, locations, and asset categories
  • B. locations, asset categories, and threats
  • C. asset types, asset categories, and locations
  • D. vulnerabilities, addresses, and threats

Answer : A
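Three of the questions on this page (asset ranges as runs of consecutive IPs, asset categories as the carrier of identity, ownership and criticality, and the asset model built from categories, locations and vulnerabilities) describe the same network model. The following is an added example, not ESM's own code or data model: it models assets and asset ranges inside zones, attaches ArcSight-style category URIs, and resolves an event address to the criticality of the most specific matching node. The category URIs, zone names, addresses and the rule that an individual asset beats a range are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Optional

# Category URIs in the style of the ESM asset-category hierarchy (constructed for this example).
CRIT = "/All Asset Categories/System Asset Categories/Criticality/"
ROLE = "/All Asset Categories/Site Asset Categories/Business Impact Analysis/Business Role/"


@dataclass
class Asset:
    """A single modeled node: one IP address in one zone, plus its categories."""
    name: str
    zone: str
    ip: str
    categories: set = field(default_factory=set)

    def matches(self, zone: str, addr) -> bool:
        return self.zone == zone and ip_address(self.ip) == addr


@dataclass
class AssetRange:
    """A set of nodes with similar characteristics whose IPs run consecutively."""
    name: str
    zone: str
    first: str
    last: str
    categories: set = field(default_factory=set)

    def matches(self, zone: str, addr) -> bool:
        return self.zone == zone and ip_address(self.first) <= addr <= ip_address(self.last)


# Constructed model. Two zones reuse the same RFC 1918 space, so an address alone is
# ambiguous and the zone has to be part of the lookup key.
MODEL = [
    Asset("db-prod-01", "Corp", "10.1.2.3", {CRIT + "Very High", ROLE + "Revenue Generation"}),
    AssetRange("corp-servers", "Corp", "10.1.2.1", "10.1.2.254", {CRIT + "High"}),
    AssetRange("lab-servers", "Lab", "10.1.2.1", "10.1.2.254", {CRIT + "Low"}),
    AssetRange("corp-workstations", "Corp", "10.20.0.1", "10.20.255.254", {CRIT + "Medium"}),
]


def resolve(zone: str, ip: str):
    """Return the most specific model node for (zone, ip): an Asset before any AssetRange
    that also contains the address, or None when the address is not modeled at all."""
    addr = ip_address(ip)
    hits = [m for m in MODEL if m.matches(zone, addr)]
    # False (Asset) sorts before True (AssetRange); the sort is stable.
    hits.sort(key=lambda m: isinstance(m, AssetRange))
    return hits[0] if hits else None


def criticality(zone: str, ip: str) -> Optional[str]:
    """Leaf of the Criticality category for the resolved node, e.g. 'High', or None."""
    node = resolve(zone, ip)
    if node is None:
        return None
    for cat in node.categories:
        if cat.startswith(CRIT):
            return cat[len(CRIT):]
    return None


if __name__ == "__main__":
    for zone, ip in [("Corp", "10.1.2.3"), ("Corp", "10.1.2.10"), ("Lab", "10.1.2.10"),
                     ("Corp", "192.0.2.9")]:
        node = resolve(zone, ip)
        print(f"{zone:5s} {ip:12s} -> {node.name if node else '(unmodeled)'} "
              f"criticality={criticality(zone, ip)}")
```

The point of the lookup order is that an individually modeled asset (the production database) can carry a different criticality from the range it sits inside, and that the same 10.1.2.0/24 address resolves to Low in the Lab zone but High in Corp; an event whose zone is not set, or is set wrong, will therefore be prioritized against the wrong asset.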

What is an example of an event-based Data Monitor?

  • A. moving average
  • B. rules partial match
  • C. last n events
  • D. session reconciliation

Answer : C

What are valid actions for a rule to take? (Select two.)

  • A. generating a report
  • B. executing a command
  • C. sending a notification
  • D. creating a vulnerability
  • E. adding a condition to a filter

Answer : B,C
