Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

HP HPE2-W05 Implementing Aruba IntroSpect Exam Practice Test

Demo: 17 questions
Total 115 questions

Implementing Aruba IntroSpect Questions and Answers

Question 1

You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect

system for alarms. Is this a correct statement about alarms? (The alarm bell icon on the header bar indicates

active alarms, and clicking on it will take you to the Alerts>page.)

Options:

A.

Yes

B.

No

Question 2

A network administrator is looking for an option to set the maximum data retention period to 180 days in theIntroSpect Analyzer. Is this a correct statement about data retention in IntroSpect? (The default data retentionperiod is set at 30 days, and this cannot be changed.)

Options:

A.

Yes

B.

No

Question 3

You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Ingress Event Processing.)

Options:

A.

Yes

B.

No

Question 4

The company has a DMZ with an application server where customers can upload and access their productorders. The security admin wants to know how you configure IntroSpect to monitor this server. Should this bepart of your plan? (List the IP subnet of the DMZ as “External” under the Main Menu > Analytics>GlobalConfig>so that alerts for the server will show up as IN-to-OUT traffic.)

Options:

A.

Yes

B.

No

Question 5

You need to deploy IntroSpect Analyzer in your existing network. You are planning to configure logs from

multiple systems around your network. Can this 3rd-party tool collect the logs and push them to Analyzer? (IBM QRadar SIEM will push logs to IntroSpect.)

Options:

A.

Yes

B.

No

Question 6

Refer to the exhibit.

You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location A.)

Options:

A.

Yes

B.

No

Question 7

An analyst notices that a disabled user account has been enabled. Is this an action that the analyst shouldtake? (Put the user account on a watchlist to keep an eye on it.)

Options:

A.

Yes

B.

No

Question 8

Refer to the exhibit.

You are a security analyst for a company that has deployed an Aruba infrastructure, such as Mobility Controllers, ClearPass, and Airwave. Recently they have deployed Aruba IntroSpect for security analytics. You are looking at the conversation details of an entity. Is this statement correct about the details highlighted? (These details came from the ClearPass server and it has been integrated as a context server in the IntroSpect.)

Options:

A.

Yes

B.

No

Question 9

While troubleshooting integration between ClearPass and IntroSpect, you notice that there are no log events for either THROUGHPUT or ERROR in the ClearPass log source on the IntroSpect Analyzer. You are planning your troubleshooting actions.

Is this something you should check? (Under Cluster-Wide Parameters on the ClearPass Publisher, make sure Post-Auth v2 is enabled.)

Options:

A.

Yes

B.

No

Question 10

You are administering an IntroSpect Installation. While monitoring the load on the IntroSpect Packet

Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible

overload? (As a general rule, the data rate should be below 9000 event/sec.)

Options:

A.

Yes

B.

No

Question 11

You are configuring a ClearPass Cluster to send endpoint context to an IntroSpect Analyzer for the wireless network. You want to test the setup after you have installed the XML file with the enforcement profiles and actions. Can this method be used to test that the setup is functioning correctly?

(Connect to the wireless network, and send a test authentication from a test device/user in the network. Observe the results in Access Tracker.)

Options:

A.

Yes

B.

No

Question 12

You are a system admin with a company where Aruba infrastructure, such as Controllers, ClearPass, and

Airwave, have been deployed. The company has integrated an Aruba Introspect 2-RU appliance in the

Network Infrastructure. Recently, you are seeing overload issues with the IntroSpect system. So, you want to

add five more Compute Nodes to meet the requirements.

Is this a correct solution for adding more Compute Nodes? (2-RU is a single appliance that does not scale, and

you cannot add any more Compute Nodes to it.)

Options:

A.

Yes

B.

No

Question 13

A security analyst is monitoring the traffic which is accessing internal and external resources. They find

abnormal activity, indicating communication between a compromised internal user(host) and internal

infrastructure, and found a suspicious malware activity. Is this a correct attack stage classification for this

activity? (Exfiltration.)

Options:

A.

Yes

B.

No

Question 14

In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.

Would this be a correct correlation? (For “Command and Control” you can monitor DNS through AMON on the Aruba Mobility Controllers.)

Options:

A.

Yes

B.

No

Question 15

During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)

Options:

A.

Yes

B.

No

Question 16

You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect

system for alarms. Is this a correct statement about alarms? (A memory_full alarm will fire when there is less

than 1 GB of free memory for more than thirty minutes.)

Options:

A.

Yes

B.

No

Question 17

While talking to an associate, they ask you to describe how different alerts in IntroSpect indicate compromiseon the network. Would this be a correct statement? (If an entity executes a large download followed a few dayslater by a large upload to DropBox, this could be an indication that the entity is compromised.)

Options:

A.

Yes

B.

No

Demo: 17 questions
Total 115 questions