
HP Implementing Aruba IntroSpect - HPE2-W05 Exam Questions
QUESTION NO: 1
You are deploying a new IntroSpect Packet Processor in your data center. It is not communicating with the analyzer in the same data center. You think that you have entered the host name of the analyzer incorrectly while bootstrapping the packet processor. Would this be a logical next step? (Clear out the bootstrap data and restart the system. After the restart, rerun the bootstrap.)
Correct Answer: A
QUESTION NO: 2
A network administrator is looking for an option to set the maximum data retention period to 180 days in the IntroSpect Analyzer. Is this a correct statement about data retention in IntroSpect? (The default data retention period is set at 30 days, and this cannot be changed.)
Correct Answer: A
QUESTION NO: 3
Refer to the exhibit.

You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location A.)
Correct Answer: A
QUESTION NO: 4
An administrator scheduled a maintenance window for upgrading an IntroSpect system. Is this a true statement about upgrading the IntroSpect system? (All Packet Processors should be upgraded first, then the IntroSpect Analyzer should be upgraded.)
Correct Answer: B
QUESTION NO: 5
An IntroSpect installation has been up for a day. While validating the log sources, you see an Aruba Firewall log source configured on a Packet Processor that has shown up on the interface in the analyzer.
While evaluating conversation data you notice there is no eflow data from AMON. You log into the controller and confirm there is user activity in the dashboard. Would this be a correct statement about this situation? (The log source on the Packet Processor may not be pointed to the analyzer IP address.)
Correct Answer: A
QUESTION NO: 6
Refer to the exhibit.

You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Dest IP.)
Correct Answer: A
QUESTION NO: 7
Refer to the exhibit.

Which alert is not supported by an AD-based use case? (Privilege escalation.)
Correct Answer: A
QUESTION NO: 8
An admin is evaluating entity activity alerts for large internal downloads, excessive host access, accessing hosts with SSH, and host and port scans. Is this a correct reason for these types of alerts? (An attacker conducting reconnaissance on the network.)
Correct Answer: A
QUESTION NO: 9
A company wants to integrate ClearPass with the IntroSpect. Is this a supported version? (ClearPass 6.7.3.)
Correct Answer: A
QUESTION NO: 10
Refer to the exhibit.

You are a security analyst for a company that has deployed an Aruba infrastructure, such as Mobility Controllers, ClearPass, and AirWave. Recently they have deployed Aruba IntroSpect for security analytics. You are looking at the conversation details of an entity. Is this statement correct about the details highlighted? (These details came from the ClearPass server and it has been integrated as a context server in the IntroSpect.)
Correct Answer: B




