You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (To see the alarms, navigate to the IntroSpect Analyzer Menu > System Status > Alerts page.)
A. Yes
B. No
You are deploying a new IntroSpect Packet Processor in your data center. It is not communicating with the analyzer in the same data center. You think that you have entered the host name of the analyzer incorrectly while bootstrapping the packet processor. Would this be a logical next step? (Clear out the bootstrap data and restart the system. After the restart, rerun the bootstrap.)
A. Yes
B. No
You were called into a customer site to do an evaluation of installing IntroSpect for a small business. During the discovery process, the customer asks you to explain when they would need to deploy a Packet Processor. Does this explain the function of the Packet Processor? (The Packet Processor helps if they are using the analyzer deployed in the cloud by forwarding log data over HTTPS.)
A. Yes
B. No
You are administering an IntroSpect Installation. While monitoring the load on the IntroSpect Packet Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload? (As a general rule, the data rate should be below 9000 event/sec.)
A. Yes
B. No
A network administrator is looking for an option to set the maximum data retention period to 180 days in the IntroSpect Analyzer. Is this a correct statement about data retention in IntroSpect? (The default data retention period is set at 30 days, and this cannot be changed.)
A. Yes
B. No
You are working on an IntroSpect Analyzer to fix an issue, and a restart is required after fixing the issue. Is this the correct procedure to restart? (From the Analyzer Menu, navigate to Configuration > Cluster > Cluster Start/Stop > Restart Cluster.)
A. Yes
B. No
Refer to the exhibit.
You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Source Host.)
A. Yes
B. No
Your company has found some suspicious conversations for some internal users. The security team suspects those users are communicating with entities in other countries. You have been assigned the task of identifying those users who are either uploading or downloading files from servers in other countries. Is this the best way to visualize conversations of suspected users in this scenario? (Visualizing Applications and Ports.)
A. Yes
B. No
In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For "Command and Control" you can monitor DNS through AMON on the Aruba Mobility Controllers.)
A. Yes
B. No
The company has a DMZ with an application server where customers can upload and access their product orders. The security admin wants to know how you configure IntroSpect to monitor this server. Should this be part of your plan? (Configure the server in the DMZ as a High Value Asset in Menu > Configuration > Analytics > Correlator Config so that IntroSpect will monitor the server for access patterns.)
A. Yes
B. No