Exam Details

  • Exam Code: HPE2-W05
  • Exam Name: Implementing Aruba IntroSpect
  • Certification: HPE Product Certified
  • Vendor: HP
  • Total Questions: 115 Q&As
  • Last Updated:

HP HPE Product Certified HPE2-W05 Questions & Answers

  • Question 1:

    The company has a DMZ with an application server where customers can upload and access their product orders. The security admin wants to know how you configure IntroSpect to monitor this server. Should this be part of your plan? (Configure the server in the DMZ as a High Value Asset in Menu > Configuration > Analytics > Correlator Config so that IntroSpect will monitor the server for access patterns.)

    A. Yes

    B. No

  • Question 2:

    The company has a DMZ with an application server where customers can upload and access their product orders. The security admin wants to know how you configure IntroSpect to monitor this server. Should this be part of your plan? (List the IP subnet of the DMZ as "External" under the Main Menu > Analytics > Global Config so that alerts for the server will show up as IN-to-OUT traffic.)

    A. Yes

    B. No

  • Question 3:

    While investigating alerts, you notice a user entity has triggered a historical alert for Large Internal Data Download. While investigating the alert, you notice that the download came from a different device than normal for the user. Based on these conditions, is this a possible cause? (This is a classic user account takeover pattern.)

    A. Yes

    B. No

  • Question 4:

    Refer to the exhibit.

    Which alert is not supported by AD-based use case? (Suspicious user login.)

    A. Yes

    B. No

  • Question 5:

    Refer to the exhibit.

    Which alert is not supported by AD-based use case? (Privilege escalation.)

    A. Yes

    B. No

  • Question 6:

    You want to create a use case to get alerts when the behavior of an internal user has deviated from the norm of other users that work in the same department. Is this a suitable baseline for this use case? (Peer baseline based on the LDAP department from Active Directory.)

    A. Yes

    B. No

  • Question 7:

    In a conversation with a colleague, you are asked to give them an idea of what type of monitor source you would use for each attack stage.

    Would this be a correct correlation? (For "Command and Control" you can monitor DNS through network tap ports.)

    A. Yes

    B. No

  • Question 8:

    In a conversation with a colleague, you are asked to give them an idea of what type of monitor source you would use for each attack stage.

    Would this be a correct correlation? (For "Command and Control" you can monitor DNS through AMON on the Aruba Mobility Controllers.)

    A. Yes

    B. No

  • Question 9:

    Would this be a proper correlation between entity and attack stage? (You see an alert for a user sending DNS requests for TOR sites, and correlate this to data exfiltration.)

    A. Yes

    B. No

  • Question 10:

    Would this be a proper correlation between entity and attack stage? (There is an alert for port scans by an entity, and you correlate that to malware doing recon.)

    A. Yes

    B. No
