HP0-M54 - ArcSight ESM Security Analyst

Example Questions

What is the "focus" of a Focus report?
Which statement is true about join rules and chained rules?
Which functions are on the right-click menu for an event? (Select two.)
What do field sets correspond to?
Which statements are true about assets? (Select two.)
In network modeling, which resource is used by an MSSP or by users with different cost centers?
Report run start time, output format for report results, email distribution for report results, and report filters are all examples of what?
Which ArcSight ESM resource enables you to perform live monitoring of events?
What happens if a notification requiring a response within 24 hours is not acknowledged within that time?
What do you use to establish the identity, ownership, and criticality of the assets you have installed on your network?
What is the name of the resource you can use to override the default ArcSight mapping of IP addresses to geographic regions?
What are functions of Query Viewers? (Select two.)
Which statement is true about inline filters?
What can you use to change the stage of a Case?
Which output formats are available when running a report? (Select two.)
At most, a zone can belong to how many networks?
What must be done to a local Variable before it can be used with multiple resources?
What stores information about logons, user actions, and the resulting events in the most concise way?
In network modeling, what is a set of nodes with similar characteristics that have IPs enumerated one after the other?
What is an example of an event-based Data Monitor?
What are the three types of Data Monitors?
Asset categories can be assigned to zones as well as to assets. What happens to the assets that belong to a zone with a category of "Critical"?
Event correlation, event reconciliation, moving average, session reconciliation, and statistics are all examples of which type of Data Monitor?
What represents the current status in the investigation of a Case?
What does the Priority Formula calculation run on?
How are baselines established and used in Query Viewers?
When using the Query Editor, three sub-tabs provide the options you need to properly set up the query. What information do these sub-tabs require?
How do asset categorization and event categorization relate to each other?
Using SSL technology, information can be communicated over an encrypted channel. What is SSL?
Which are operators in the ArcSight Common Conditions Editor (CCE)? (Select two.)
Which command is a valid Investigate command?
Active Channel views and Dashboard views are examples of Viewer Panel views. Which other views are associated with the Viewer Panel? (Select two.)
Which role does the Active Channel play in testing a rule?
Which process uncovers the relationship between events, infers the significance of those relationships, prioritizes them, and then provides a framework for taking action?
What can ArcSight ESM Dashboards display?
Which tools are used to view events in ArcSight ESM? (Select two.)
Which resource defines what a report will look like when generated?
What is the primary function of the ArcSight Manager?
Which statement is true about a join rule?
What are valid actions for a rule to take? (Select two.)
Which statement is true about the ArcSight Web interface?
Why would you lock a Case?
Which statement is true about how filters are applied by the Connector or by the Manager?
Which statements are true about event lifecycle data collection and the event processing phase? (Select two.)
Which resources can be displayed in the ArcSight Web interface? (Select two.)
Which string function is used to join two data fields?
What does a Network Model include? (Select two.)
Which type of event is displayed in an Active Channel with the following Inline Filter applied?
    Category Behavior = /Authentication/Verify
    Category Outcome = /Failure
You want your Active Channel to automatically display new events as they arrive at ESM. Which time parameter should you use to accomplish this?
Which ESM components collect event data?
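The inline-filter question above (Category Behavior = /Authentication/Verify, Category Outcome = /Failure) is the one item on this list that describes concrete matching logic, so here is an added worked example of what that filter does to a stream of events. This is illustrative Python written for this page, not code from the exam or from ArcSight ESM itself: the event dictionaries are constructed, and the helper names (field_equals, all_of, apply_filter, failed_auth_sources) are assumptions. The field names categoryBehavior and categoryOutcome are ArcSight's event-categorization fields, but real ESM events carry far more fields than shown.

```python
"""Added example: evaluating an ArcSight-style inline filter over constructed events.

An inline filter in an Active Channel is a set of rows that must ALL hold for an
event to be displayed. The two rows below mirror the filter in the question.
Event representation and helper names are assumptions for this example.
"""
from typing import Callable, Dict, Iterable, List

Event = Dict[str, str]
Condition = Callable[[Event], bool]


def field_equals(field: str, value: str) -> Condition:
    """Condition that is true when the event's `field` equals `value` exactly."""
    return lambda event: event.get(field) == value


def all_of(*conditions: Condition) -> Condition:
    """AND of several conditions: every row of an inline filter must match."""
    return lambda event: all(cond(event) for cond in conditions)


# The inline filter from the question: authentication attempts that failed.
FAILED_AUTH = all_of(
    field_equals("categoryBehavior", "/Authentication/Verify"),
    field_equals("categoryOutcome", "/Failure"),
)


def apply_filter(events: Iterable[Event], condition: Condition) -> List[Event]:
    """Return only the events an Active Channel would display under `condition`."""
    return [event for event in events if condition(event)]


# Constructed sample events (assumption: not captured from a real ESM).
SAMPLE_EVENTS: List[Event] = [
    {"name": "sshd login", "sourceAddress": "10.0.0.5",
     "categoryBehavior": "/Authentication/Verify", "categoryOutcome": "/Failure"},
    {"name": "sshd login", "sourceAddress": "10.0.0.6",
     "categoryBehavior": "/Authentication/Verify", "categoryOutcome": "/Success"},
    {"name": "file read", "sourceAddress": "10.0.0.7",
     "categoryBehavior": "/Access", "categoryOutcome": "/Failure"},
    {"name": "vpn login", "sourceAddress": "10.0.0.8",
     "categoryBehavior": "/Authentication/Verify", "categoryOutcome": "/Failure"},
]


def failed_auth_sources(events: Iterable[Event] = SAMPLE_EVENTS) -> List[str]:
    """Source addresses of the events that match the failed-authentication filter."""
    return [event["sourceAddress"] for event in apply_filter(events, FAILED_AUTH)]


if __name__ == "__main__":
    for event in apply_filter(SAMPLE_EVENTS, FAILED_AUTH):
        print(event["sourceAddress"], event["name"])
```

Only the two events that satisfy both rows survive: the successful SSH login fails the Outcome row, and the file-read failure fails the Behavior row. That AND semantics is the point of the question, and it is also why the next step in a real investigation is usually to aggregate the surviving events by source address rather than read them one at a time.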