HP0-A116 - HP ArcSight ESM 6.5 Security Administrator and Analyst
The Packages view in the ArcSight Console Navigator provides access to all discrete resources that are part of a package in a single view. The dependency view toggle in the Package tree header shows required packages, which are packages on which other packages depend. What is the visual indicator of this dependency?
The package name is underlined.
Which functions does a non-event based Data Monitor perform?
monitors and displays ArcSight ESM system and platform status
Which ArcSight resource objects do Field Sets correspond to?
columns in an Active Channel Grid view
Why is it sometimes necessary to lock a Case?
to close and archive a Case
Which statements are true about results in Query Viewers? (Select two.)
Results can be displayed as tables or charts, and added to Dashboards
Results can be used to generate reports.
When is it useful to schedule rules rather than have them run in real time?
when you anticipate a worm or virus attack
Command Center Event Search consists of which search syntax methods?
field-query search, simple query search, and complex expression search
How do asset categorization and event categorization relate to each other?
Asset categorization and event categorization use the same field set to apply categories to assets and events
Which statement best describes how baselines are established and used in Query Viewers?
Baselines are created using rules. After the rule is triggered, the resulting action establishes a baseline against which future rules are evaluated in the Query Viewer.
By default, which TCP/IP port is used by ArcSight Command Center to communicate with a web browser client?
You want your Active Channel to automatically display new events as they arrive at ESM. Which time parameter do you use to accomplish this?
Which statement is true about the ArcSight Web interface?
Data Monitors cannot be added to a Dashboard from the ArcSight Web interface.
Which procedure allows you to terminate a session within a Session List? (Select two)
Exceed the time-out based on entry expiration time
Close the session by exiting the ArcSight Console.
Which ArcSight Console user settings can be changed in the Preferences Editor?
number of rows displayed in an Active Channel
What is the effect of the constraints used in an event search query?
They limit the range or focus of data sources to be searched.
ESM components fail to consistently restart after a system reboot and require individual intervention with repeated arcsight_services component restart commands. Which log file offers troubleshooting information that will help resolve this issue?
Which authenticators are configurable by ArcSight Command Center?
RADIUS Authentication, Microsoft Active Directory, Simple LDAP, or Built-in Authentication
What can you use to change the stage of a Case?
Which access type is provided with ESM Access Control Lists?
Specific User Group read and write access to specific Resource Groups
Which ArcSight ESM user type provides full privileges to use the Command Center, the ArcSight Console, the ArcSight Web client, and all tools?
What are the three general types of Data Monitors?
event-based, matching conditions and non-event based
Which processes occur in the first phase of the event lifecycle? (Select two.)
applying event categories
normalizing event data
Report run start time, output format for report results, email distribution for report results, and report filters are all examples of what?
report data sources
Using ESM 6.5 ArcSight Command Center, which drill down type is available?
query viewer drilldowns into channels, reports, dashboards, or other query viewers
How are ESM Global Variables created?
from the Local Variables tab of the Filter Resource and only by promoting a Local Variable
What is the ArcSight Event Schema?
a set of events with a common format, collected over a user-defined time period
During your ESM installation and configuration, none of the Foundation Packages were selected in the Configuration Wizard. What should you do to install the Foundation Packages?
Install the Foundation Packages from the ArcSight Console Resource Navigator right-click menus
Where are the resource settings located that determine ArcSight ESM User Password Policy?
in the server.defaults.properties file
If a username and password are used for authenticating a remote peer, when would you need to use those credentials a second time?
every time a distributed search is run and results are exported to the remote peer
What is the procedure to reset all ArcSight Console preferences back to default?
Copy the "console.defaults.properties" file to overwrite the "console.properties" file.
What do the start and end times associated with a notification destination indicate?
the period of time during which the notification can be sent to the destination
Which TCP/IP port is the default when a web browser is used to connect to the ArcSight Command Center?
Which statements are true about Session Lists? (Select two)
They can share entries with other Session Lists.
They can be used to populate Active Lists.
What are functions of Query Viewers? (Select two.)
providing a baseline analysis of events against which future queries can be compared
providing a quick way to run SQL queries and identify trends without running reports
What are the three major display components of an Active Channel in the Viewer Panel?
Header, Radar, and Grid
What is the "focus" of a Focus report?
a subset of a larger (for example, monthly or quarterly) report
Which statements are true about escalation levels? (Select two.)
They must be defined separately for each notification type.
They must be created in the order in which you want escalation to proceed.
Which pairs of resources can be displayed in the ArcSight Web interface? (Select two.)
Reports and Dashboards
Knowledge Base articles and Templates
What are valid actions for a rule to take? (Select two.)
sending a notification
adding a condition to a filter
Which ArcSight Solution works as a GPS for privileged user activity that identifies unusual behavior?
Which functions are on the right-click menu for an event in the Console Viewer panel? (Select two.)
Show Event Chart
What is the impact of checking Auto Update on the Search Results header, and selecting a time of 2 minutes?
The current field set is refreshed, and any results that changed in the grid are flagged with a highlight.
During which process is the first user created for access to ESM?
during the authentication phase of the SmartConnector Installation
Which host user should own the .tar archive from which the ArcSight ESM Suite bin file containing ESM components, and installation and configuration wizards is extracted?
Which component determines how a report looks when it is generated?
Which statements are true about Active Lists? (Select two.)
They can store data over longer periods of time than rules or Data Monitors.
They always include start time and end time fields.
From where are the local ArcSight Console Preference Settings accessed?
Active Channel views and Dashboard views are examples of ArcSight Console Viewer Panel views. Which other views are associated with the Viewer Panel? (Select two)
Of the 17 event field groups defined in the ArcSight Event Schema, in which group can data fields describing an event's importance as assessed by ArcSight ESM be found?
Under which circumstances does a Connector use its cache? (Select two.)
when a burst of events exceeds what the Manager can handle
when the Connector cannot communicate with its destination