HP ArcSight ESM 6.5 Security Administrator and Analyst v6.0

Page:    1 / 12   
Exam contains 179 questions

In network modeling, what is a set of nodes with similar characteristics that have IPs enumerated one after the other?

  • A. IP group
  • B. asset group
  • C. asset range
  • D. IP range

Answer : C

Which document provides the most detailed instructions for applying an Oracle CPU?

  • A. Oracle CPU release notes
  • B. ArcSight ESM Administrator's Guide
  • C. Opatch Readme file
  • D. ArcSight ESM Installation Guide

Answer : A

By default, which TCP/IP port is used by ArcSight Command Center to communicate with a web browser client?

  • A. 1521
  • B. 9443
  • C. 8443
  • D. 443

Answer : C

http://eromang.zataz.com/2011/06/26/arcsight-logger-and-smartconnectors-questions-and- answers/

Which ArcSight Solution works as a GPS for privileged user activity that identifies unusual hehavior?

  • A. ThreatDetector
  • B. Pattern Discovery
  • C. IdentityView
  • D. ldentityCorrelation

Answer : B

Which statement best describes how baselines are established and used in Query

  • A. Baselines are created using query results, which are fed into the Image Editor for filtering and display in the related Data Monitor.
  • B. Baselines are created using rules. After the rule is triggered, the resulting action establishes a baseline against which future rules are evaluated in the Query Viewer.
  • C. Baselines are created using query results. When a query has one or more baselines available, you can compare the current results with a baseline.
  • D. Baselines are created using query results. The baseline from the query is used to create a new field set definition that can be run against future events.

Answer : B

Which Event Schema group contains data fields, which describe the connector reporting an event?

  • A. Event
  • B. Device
  • C. Source
  • D. Agent

Answer : D

What is a function of the Variable GetSessionData?

  • A. retrieves data fields from a Session List
  • B. sends session details to the ArcSight Manager
  • C. populates a Session List
  • D. investigates session details in the audit log

Answer : A

What do you use to establish identity, ownership, and criticality of the assets you have installed on your network?

  • A. asset types
  • B. asset groups
  • C. asset categories
  • D. asset ranges

Answer : C

What are potential ways of acknowledging notifications? (Select two.)

  • A. by replying to notification email
  • B. by calling in to the notification response hotline
  • C. by sending email to SysAdmin
  • D. by using the Notifications Manager in the ArcSight Console

Answer : A,D

What happens when a Connector upgrade that was initiated from within the ArcSight
Console fails?

  • A. The Connector automatically rolls back to the previously working version.
  • B. The Connector does not respond to the failed upgrade.
  • C. The Connector reports to the Manager that the upgrade failed and then died.
  • D. The Connector automatically attempts the upgrade again.

Answer : A

What is the primary function of the ArcSight Manager?

  • A. It accepts correlated, prioritized events from SmartConnectors with instructions from the ArcSight Console, and writes events to the database.
  • B. It manages bottlenecks between the connectors, the ArcSight Console, and the ESM Database.
  • C. It writes incoming events to the database while simultaneously processing events through the Correlation engine.
  • D. It restores the rule definitions that drive the functioning of ArcSight ESM.

Answer : C

Why would you lock a Case?

  • A. to close and archive a Case
  • B. to prevent others from modifying the Case while you edit or attach something to the Case
  • C. to prevent the Case from being seen in the Resource List
  • D. to preserve the state of the Case

Answer : B

Which three attributes are used to describe an Asset Model?

  • A. vulnerabilities, locations, and asset categories
  • B. locations, asset categories, and threats
  • C. asset types, asset categories, and locations
  • D. vulnerabilities, addresses, and threats

Answer : A

What is an example of an event-based Data Monitor?

  • A. moving average
  • B. rules partial match
  • C. last n events
  • D. session reconciliation

Answer : C

What are valid actions for a rule to take? (Select two.)

  • A. generating a report
  • B. executing a command
  • C. sending a notification
  • D. Creating a vulnerability
  • E. adding a condition to a filter

Answer : C,E

Page:    1 / 12   
Exam contains 179 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.