Exam ID: HP0-A116
Exam type: Proctored exam taken at dedicated testing center
Exam duration: 1 hr 30 mins
Exam length: 60 questions
Passing score: 65%
Delivery languages: English
Related certifications:
  HP ASE - ArcSight Security V1
  HP ATP - ArcSight Security V1

Supporting courses
These recommended courses help you prepare for the exam
  00924200 - HP ArcSight ESM 6.5 Security Administrator and Analyst

Additional study materials
  ArcSight ESM 6.5c Administrator’s Guide
  ArcSight ESM 6.5c ArcSight Console User’s Guide
  ArcSight ESM 6.5c ArcSight Command Center User’s Guide
  ArcSight ESM 6.5c ArcSight Web User’s Guide
  ArcSight ESM 6.5c Installation and Configuration Guide
  ArcSight ESM 6.5c Standard Content Guide
  ArcSight SmartConnectors User’s Guide

Register for this exam
You will need an HP Learner ID and a Pearson VUE login and password. No online or hard copy reference material will be allowed at the testing site. This exam may contain beta test items for experimental purposes. During the exam, you can make specific comments about the items (i.e. accuracy, appropriateness to audience, etc.). HP welcomes these comments as part of our continuous improvement process.

HP ExpertOne Exam Preparation Guides
HP ArcSight ESM Security Administrator and Analyst

Exam description
This exam tests your skills and abilities related to Enterprise Security Manager (ESM) product facilities and related user and administrative tasks. Exam topics include use of the ArcSight Console, ArcSight Command Center, and ArcSight Web user interfaces to monitor security events, configure ESM, and manage users, ESM network intelligence resources and ArcSight ESM workflows. Topics also include tailoring standard ArcSight ESM content to acquire, search, and correlate actionable event data; and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within the network environment.

This certification exam is designed for candidates with “on the job” experience. The associated training course, which usually includes labs, provides a knowledge foundation; however, it is highly recommended that you also have some hands-on, real-world ESM product experience.

Who should take this exam?
New candidates who want to acquire the HP ASE - ArcSight Security V1 Certification.

Exam contents
This exam has 60 questions. Here are types of questions to expect:
  Multiple choice (multiple responses)
  Multiple choice (single response)

Tips for taking this exam
This exam assesses whether you have the knowledge and skills to navigate and utilize the ArcSight ESM products as a security solution in a business development and production environment.

Take the time to read the entire question and consider all of the options carefully before you answer. If the question indicates that it features an exhibit, study the exhibit and reread the question. Make sure to select the answer that correctly responds to the question that is asked — not simply an answer that includes some correct information. If the question asks for more than one answer, remember to select each correct answer. You will not receive partial credit for a partially correct answer.

Objectives
This exam validates that you can successfully perform the following:

HP0-A116 Sections/Objectives

2% Introduction to ESM 6.5
  Define ESM User Roles
  List ArcSight Components, Interfaces, Information Resources

8% ArcSight Event Schema and Life Cycle
  Describe ESM Event Schema and Schema Groups
  Identify ArcSight Event Life Cycle Phases and Schema population

5% ArcSight ESM Install and Configuration
  Describe Pre-Install Requirements
  Identify Install Process (Installation / Configuration Wizards)
  Describe reconfiguration and upgrade methods

9% ArcSight ESM Console
  Describe Login, user preference, and main tool bar facilities
  Navigate Resource trees, Viewer and Edit/Inspect Panels
  Access built-in documentation and reference resources.

7% ArcSight Command Center
  Login, navigate main tab menus and use the Help Facility
  Access dashboards, Event Search, Reports, and Workflow Cases
  Navigate Administrative facilities for ESM system configuration, connector status, and event storage and archive

3% ArcSight Web Interface
  Login to the Home Page and use the Help Facility
  Access Dashboards, Reports, Active Channels and Notifications

9% Active Channels, Filters and Field Sets
  Access Active Channels and modify filters and field sets
  Use Right-click menus and Event Investigation facilities

8% ESM Rules and Lists
  Differentiate Simple vs Join Types Rules, Real-time vs Scheduled Rules
  Edit Rule attributes, including Conditions, Aggregation, Actions, and Triggers
  Explain the use of Active Lists and Session Lists

8% Dashboards and Data Monitors
  Access dashboards and interpret data monitor displays
  Describe the benefits of using IdentityView
  Explain Drill down to Active Channels

6% Query Viewers
  Describe Query Viewer usage
  Edit Query Viewers, establish baselines and define drilldowns

6% ESM Reports
  Enter Report Runtime parameters, run and archive reports
  Edit focused reports and delta reports
  Establish and manage report scheduling and distribution

4% Workflow Cases
  Describe Workflow Case management
  Access existing cases, view events, add attachments and notes
  Add a new case, follow up on a case, and finalize a case

5% User Administration
  Create ESM Users and User Groups
  Explain the Administration of ACLs (Access Control Lists)
  Apply ArcSight Password Policy settings

3% User Notifications
  Describe Notification functions and resources
  Access, modify and configure Notifications

3% Use Case Resources
  Describe Use Case concepts
  Differentiate Standard Content Productized Compliance and Consultant-provided use case deployment
  Configure and modify Standard Content Use Cases

4% ArcSight Content Management
  Creating ArcSight Packages
  Configuring ESM Peering
  Establishing manual or scheduled ESM Content Push, Synchronization, and Tracking

8% Event Search, Filters and Saved Searches
  Search Events using the Search Builder/Advanced Search tools
  Display Search Results and select output options
  Export and distribute Search Results

2% ArcSight Support Resources
  Access HP ArcSight Support Facilities
  Describe Administrative and Support-related resources

Sample questions
Use the following questions to help assess whether you are ready to take the exam. Answers to these sample questions are provided at the end of this guide.

1. What is the purpose of the ArcSight Enterprise Security Manager (ESM)?
  a. enables situational awareness and visibility of the security risks across an organization
  b. enables a security bus such that devices may communicate
  c. enables security integration between disparate devices
  d. enables security device management using a common browser-based Management Console

2. Which user role evaluates reports to determine if corporate objectives or initiatives are met?
  a. administrator
  b. author
  c. business user
  d. operator

3. Which component describes the SSL protocol used by the ArcSight Manager to communicate with ArcSight Consoles and SmartConnectors?
  a. Standard Secure Link
  b. Secure Sockets Layer
  c. System Smart Link
  d. Secure Synchronous Layer

4. What are the five criteria that are used to calculate the ArcSight Priority Formula?
  a. Model Confidence, Relevance, Severity, Asset Criticality, and agentSeverity
  b. Vulnerability, Penetration History, Critical Zone, Asset Category, and eventSeverity
  c. Behavior, Outcome, Technique, Device Group, and tupleSignificance
  d. eventSource, eventDestination, AttackerID, Target Exposure, and deviceProfile

5. When is a simple rule triggered?
  a. when scanned events match a configured set of conditions
  b. when correlation events exceed a threshold setting
  c. when the number of events exceeds a timeout window
  d. when events are aggregated more than three times

6. What is the purpose of the Time Window Expiration (TWE) function in ESM?
  a. establishes an Active List TTL (Time To Live)
  b. determines the duration for a Rule Threshold
  c. escalates an Alert Notification to the next level
  d. allows individual entries in Session Lists to expire

7. Which functions do Active Lists provide to ArcSight ESM? (Select two.)
  a. reduce system memory use by reducing rule partial matches
  b. export and import to other ESM instances through CSV files
  c. populate specified Session Lists either manually or on schedules
  d. convert directly to Report Queries for long-term trending
  e. generate and push categorization profiles to SmartConnectors

Answers
This section provides answers to and references for the sample questions.

1. What is the purpose of the ArcSight Enterprise Security Manager (ESM)?
  a. enables situational awareness and visibility of the security risks across an organization
  b. enables a security bus such that devices may communicate
  c. enables security integration between disparate devices
  d. enables security device management using a common browser-based Management Console

References
  ArcSight ESM Administrator Analyst Training
  Module 1 – Introduction to ESM 6.5

2. Which user role evaluates reports to determine if corporate objectives or initiatives are met?
  a. administrator
  b. author
  c. business user
  d. operator

References
  ArcSight ESM Administrator Analyst Training
  Module 1 – Introduction to ESM 6.5

3. Which component describes the SSL protocol used by the ArcSight Manager to communicate with ArcSight Consoles and SmartConnectors?
  a. Standard Secure Link
  b. Secure Sockets Layer
  c. System Smart Link
  d. Secure Synchronous Layer

References
  ArcSight ESM Administrator Analyst Training
  Module 1 – Introduction to ESM 6.5

4. What are the five criteria that are used to calculate the ArcSight Priority Formula?
  a. Model Confidence, Relevance, Severity, Asset Criticality, and agentSeverity
  b. Vulnerability, Penetration History, Critical Zone, Asset Category, and eventSeverity
  c. Behavior, Outcome, Technique, Device Group, and tupleSignificance
  d. eventSource, eventDestination, AttackerID, Target Exposure, and deviceProfile

References
  ArcSight ESM Administrator Analyst Training
  Module 2 – ArcSight Event Schema and Life Cycle

5. When is a simple rule triggered?
  a. when scanned events match a configured set of conditions
  b. when correlation events exceed a threshold setting