HPE2-W05試験無料問題集「HP Implementing Aruba IntroSpect 認定」
You are deploying a new IntroSpect Packet Processor in your data center. It is not communicating with the analyzer in the same data center. You think that you have entered the host name of the analyzer incorrectly while bootstrapping the packet processor. Would this be a logical next step? (Just restart the system by executing "shutdown -r now" command during the reboot; when prompted, select the option for "reset processor".)
正解:A
解答を投票する
Refer to the exhibit.
You are working with an IntroSpect Analyzer which is configured to monitor your network. You have navigated to the “Config Subnets” page to verify whether the internal and external subnets are configured properly. Is this a correct assessment of the screen? (The 10.100.120 subnet is incorrectly listed as external.)
You are working with an IntroSpect Analyzer which is configured to monitor your network. You have navigated to the “Config Subnets” page to verify whether the internal and external subnets are configured properly. Is this a correct assessment of the screen? (The 10.100.120 subnet is incorrectly listed as external.)
正解:A
解答を投票する
While investigating alerts in the Analyzer you notice a host desktop with a low risk score has been sending regular emails from an internal account to the same external account. Upon investigation you see that the emails all have attachments. Would this be correct assessment of the situation? (The user on this host spends way too much time sending email, but should not be considered a risk until the risk score climbs above 60.)
正解:A
解答を投票する
You are visiting a site configured with IntroSpect, and the on-site admin tells you that they do not think that one of their database servers has fired any alerts for large download or strange access patterns.
Could this be a reason? (The database server needs to be listed in an entity whitelist.)
Could this be a reason? (The database server needs to be listed in an entity whitelist.)
正解:B
解答を投票する
You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Time Source Now as part of the authorization in the service.)
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
While investigating alerts you notice a user entity has triggered a historical alert for Large Internal Data Download. While investigating the alert, you notice that the download came from a different device than normal for the user. Based on these conditions, is this a possible cause? (This is a classic user account take over pattern.)
正解:B
解答を投票する
While investigating alerts in the Analyzer you notice a host desktop with a low risk score has been sending regular emails from an internal account to the same external account. Upon investigation you see that the emails all have attachments. Would this be correct assessment of the situation? (Your next step should be to find what user account logs into this desktop, and look at activity of their devices this user has access to.)
正解:A
解答を投票する