
HP0-A116 Online Practice Questions and Answers

Questions 4

Which Event Schema group contains the data fields that describe the connector reporting an event?

A. Event

B. Device

C. Source

D. Agent

Questions 5

Which statements are true about event lifecycle data collection and the event processing phase? (Select two.)

A. Model confidence is determined, based on details provided by the event source.

B. Each line of incoming log data is processed as a separate event.

C. Event severity is determined, based on an Active List of recent severity factors.

D. Values are normalized and entered into the ArcSight Event Schema.

Questions 6

What can ArcSight ESM Dashboards display?

A. multiple Data Monitors

B. multiple Cases

C. multiple Stages

D. multiple Reports

Questions 7

Which ArcSight Solution works as a GPS for privileged user activity that identifies unusual behavior?

A. ThreatDetector

B. Pattern Discovery

C. IdentityView

D. IdentityCorrelation

Questions 8

Which ArcSight ESM user type provides full privileges to use the Command Center, the ArcSight Console, the ArcSight Web client, and all tools?

A. Web User

B. Normal User

C. Connector Installer

D. Management Tool

Questions 9

What is the "focus" of a Focus report?

A. events that have been missed based on additional criteria

B. the differences between two similar report outputs

C. a subset of a larger (for example, monthly or quarterly) report

D. high priority Correlation events only

Questions 10

Which ArcSight resource objects do Field Sets correspond to?

A. attributes in a Query Viewer

B. variables in a Rule configuration

C. components in a Network Model

D. columns in an Active Channel Grid view

Questions 11

When using the Query Editor, three sub-tabs provide the options you need to properly set up the query. What information do these sub-tabs require?

A. when the query should be run; which format the query output should take; how many data elements should be included

B. when the query should be run; what the query should be called; how long the data should be archived

C. which data fields to select; how the data should be displayed; how long the data should be archived

D. which data fields to select; how the data should be ordered; how the data should be grouped

Questions 12

Which functions does a non-event based Data Monitor perform?

A. evaluates the event stream and creates Correlation events when anomalies are discovered

B. monitors and displays rule and filter data flow thresholds and latencies

C. summarizes and displays event-based Data Monitor statistics

D. monitors and displays ArcSight ESM system and platform status

Questions 13

Using SSL technology, information can be communicated over an encrypted channel. What is SSL?

A. Standard Security Layer

B. Smart Stealth Layer

C. Secure Sockets Layer

D. Security Standards Layer

Questions 14

What is a good way for an operator or analyst to quickly determine which events must be addressed first?

A. check the priority rating in a Dashboard or Active Channel

B. run a report of High Priority Threats

C. ask more senior analysts or architects

D. view the Event Grid and Correlation categories

Questions 15

Which are clients of the ArcSight Manager? (Select two.)

A. ArcSight Correlation Engine

B. ArcSight Web

C. ArcSight SmartConnectors

D. ArcSight Database

Questions 16

Which document provides the most detailed instructions for applying an Oracle CPU?

A. Oracle CPU release notes

B. ArcSight ESM Administrator's Guide

C. Opatch Readme file

D. ArcSight ESM Installation Guide

Questions 17

Which statement best describes how baselines are established and used in Query Viewers?

A. Baselines are created using query results, which are fed into the Image Editor for filtering and display in the related Data Monitor.

B. Baselines are created using rules. After the rule is triggered, the resulting action establishes a baseline against which future rules are evaluated in the Query Viewer.

C. Baselines are created using query results. When a query has one or more baselines available, you can compare the current results with a baseline.

D. Baselines are created using query results. The baseline from the query is used to create a new field set definition that can be run against future events.

Questions 18

Which file types MUST be included in an Oracle backup? (Select two.)

A. table files

B. data files

C. program files

D. configuration files

Exam Code: HP0-A116
Exam Name: HP ArcSight ESM 6.5 Security Administrator and Analyst
Last Update: Mar 19, 2025
Questions: 179 Q&As
