You receive an email alert that a Packet Processor forwarding AMON data at a remote site to a cloud-based Analyzer has stopped communicating. Is this a valid step to try to fix the issue? (Log into the Packet Processor and check the Alerts page to make sure that the alert is still valid.)
A. Yes
B. No
You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (To see the alarms, navigate to the IntroSpect Analyzer Menu > System Status > Alerts page.)
A. Yes
B. No
You need to deploy IntroSpect Analyzer in your existing network. You are planning to configure logs from multiple systems around your network. Can this third-party tool collect the logs and push them to the Analyzer? (Splunk Enterprise will allow push notifications.)
A. Yes
B. No
A company wants to integrate ClearPass with the IntroSpect. Is this a supported version? (ClearPass 6.7.3.)
A. Yes
B. No
While reviewing the logs at a customer site, you notice that one particular device is accessing multiple servers in the environment using a number of different user accounts. When you question the IT admin, they tell you that the computer is a JumpBox running software used to monitor all of the servers in the environment.
Would this be a logical next step? (You can safely ignore this activity, as this is normal behavior for a JumpBox.)
A. Yes
B. No
You are administering an IntroSpect installation. While monitoring the load on the IntroSpect Packet Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload? (As a general rule, the data rate should be below 5000 events/sec.)
A. Yes
B. No
A network administrator is looking for an option to set the maximum data retention period to 180 days in the IntroSpect Analyzer. Is this a correct statement about data retention in IntroSpect? (The data retention period cannot exceed 90 days.)
A. Yes
B. No
Refer to the exhibit.
You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Host name.)
A. Yes
B. No
Would this be a proper correlation between entity and attack stage? (There is an alert for port scans by an entity, and you correlate that to malware performing reconnaissance.)
A. Yes
B. No
In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For "Command and Control" you can monitor DNS through network tap ports.)
A. Yes
B. No