HP0-A100 - HP ArcSight Security Solutions
What is CIP an acronym for?
Compliance Insight Package
Which component performs the data collection and normalization?
What is the major benefit of ArcSight Logger?
Real-time threat detection
Which ESM component does the Event Priority Evaluation and Asset Model look up?
Which schema group contains the timestamp of the event and name of the event?
Source Event Schema
How does the ArcSight ESM Manager display statistical views of the data on your network?
Which appliance provides advanced event correlation, event analysis and investigation, options for remediation and event storage?
ArcSight Logger Appliance
Which event lifecycle phase discovers the relationships between events, infers the significance of those relationships, prioritizes them, and provides a framework to take action?
Which type of ESM resources are imported from an external Identity Management System by using IdentityView?
Which HP Enterprise Security Product analyzes and correlates every event that occurs across the organization to deliver accurate prioritization of security risks and compliance violations?
Enterprise Security Manager
How many ESM event schema groups are there?
What is an ArcSight Logger architecture component?
The ArcSight ESM collects, normalizes, aggregates, and filters millions of what?
What is a purpose of Smart Connectors?
To parse raw data
What is an example of a CIP package used for compliance?
The ArcSight ESM uses which component to gather events?
What is a function of a Connector Appliance?
To provide a secure web-based console to ESM
The normalization process occurs at which event lifecycle phase?
Priority evaluation and network model lookup
What is the main purpose of the ArcSight ESM Query Viewer resource?
To view quick, high-level summaries of security events
What does ArcSight Identity View integrate?
Industry Standard Database connectivity via JDBC
How does a CIP help an organization? (Select two.)
Contributes to establishing a strong IT governance program and reducing costs
Helps to meet regulatory compliance requirements
What is the main purpose of using Identity View within an ESM environment?
To model network architecture within the ESM environment to perform advanced correlation on Asset and User events
What does the ArcSight ESM prioritize?
Correlated events only
What is a reporting enhancement in ArcSight Express release 4.0?
Ability to define non-ESM users as recipients, and create a report once and distribute it to multiple recipients
What is the output of the Data Collection and Event Processing phase?
What are the features that allow you to use ArcSight Logger throughout your network?
Logger has pre-packaged content with forensics on-the-fly capability.
What is the most important reason or benefit for customers to use ArcSight ESM?
Central management of connectors
Which database management system technology is utilized by ArcSight ESM 6.5c?
How are CIPs licensed?
CIPs are included as standard in Logger
Which component performs event aggregation?
What is the name of the process that parses raw events and stores them into the corresponding data fields in the ESM event schema?
What is IAM an acronym for?
Identity and Access Management
Which feature of ArcSight Smart Connectors reduces the quantity of events sent to the ESM Manager?
For its correlation and automated event analysis capabilities, which ESM component is considered the brain of the HP ArcSight SIEM platform?
Which statement is correct?
Smart Connectors use the Event Category Model to describe normalized events
In which phase are functions from the ESM Console (such as Nslookup, Ping, PortInfo, Traceroute and Whois) performed?
Which task is performed by the manager during the Priority Evaluation and Network Model Lookup phase?
Raw events processing
Which resource used in the Workflow phase of the event lifecycle tracks either individual events or multiple related events?
What is a major benefit of using ArcSight ESM?
Real-time threat detection
Which ArcSight solution delivers ArcSight content to add specific compliance or standard requirements such as PCI and Sarbanes-Oxley (SOX)?
Compliance Insight Package
Which statement is true about ArcSight Identity View?
It uses the ArcSight Asset Model Import Connector to populate and maintain the model in sync with your Identity Management System (IDMS)
What is the main purpose of the ArcSight ESM?
To correlate events and provide real-time threat detection
Which statement describes a CIP?
A collection of ArcSight resources to monitor IT assets, based on regulatory requirements
In which ESM event schema group can the Priority field with a value from 0 to 10 (calculated using ArcSight proprietary Threat Level Formula) be found?
What is the major benefit of using ArcSight Connector Appliance?
Ability to perform correlation on raw data
Which security product features are offered in ArcSight Express? (Select two)
Support for FIPS
Which function is performed by the ArcSight ESM Manager?
Normalizes event data into CEF fields
What is the primary feature of Connector Appliance?
Supports bulk operations on all Smart Connectors
Which type of ESM resources is able to create correlation events?
What are three resources used in the Correlation phase of the event lifecycle?
Filters, rules, data monitors