HPE2-W05 Exam Free Question Set: "HP Implementing Aruba IntroSpect Certification"

You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (To see the alarms, navigate to the IntroSpect Analyzer Menu > System Status > Alerts page.)

When IntroSpect ingests logs from different sources, it standardizes and catalogs the information. When it stores log data, it currently categorizes it into one of four standard schemas. Are these the four standard schemas? (VPN access data, email data, network data, and authentication data.)

An alert goes off for the internal DNS server, and while investigating the logs you notice that the hostnames in the queries are random alphanumeric characters. Is this a logical investigation step? (Contact the DNS admin and request that they enable root hints in the DNS server.)

Refer to the exhibit.

Given the network diagram, would this be a proper location for a network tap? (Port G at the Head Quarters Site would expose all East/West traffic bound for the data center.)

While looking at the conversation page you notice some strange network behavior, such as DNS requests coming inbound from external DNS servers. Could this be the reason why? (One of your Packet Processors may be oversubscribed and is dropping packets.)

Refer to the exhibit.

You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Source Host.)

Aruba IntroSpect establishes different types of baselines to perform user or device behavior analysis. Is this a correct description of a baseline that IntroSpect establishes? (Individual history baseline: this typically takes 10 to 14 days to establish a "steady state" that can be used.)

During a conversation with one of your colleagues, they bring up the subject of small business security and ask you to explain why a small business would be interested in a product like IntroSpect. Is this a reason they would purchase IntroSpect? (Most small businesses that suffer a data breach will go out of business as a result of the breach.)

While validating the data sources in a new IntroSpect installation, you have confirmed that the network tap data is correct and there are AMON log sources for both firewall and DNS. When you look in the Entity360, you see the usernames from Active Directory. However, when you look under E360 > activity for any user accounts, there is no information under "Activity Card" and "Authentication" for any user. When you filter the Entity360 for IP address and look at the Activity screen, you do see activity on the "Activity Card". Could this be a reason why you do not see the information but do not see activity? (The log broker could be configured incorrectly and not sending authentication logs to IntroSpect.)

You were called into a customer site to do an evaluation of installing IntroSpect for a small business. During the discovery process, the customer asks you to explain when they would need to deploy a Packet Processor. Does this explain the function of the Packet Processor? (The Packet Processor helps if they are using the analyzer deployed in the cloud by forwarding log data over HTTPS.)