HPE2-W05 無料問題集「HP Implementing Aruba IntroSpect」

An alert goes off for the internal DNS server, and while investigating the logs you notice that the hostnames in the queries are random alphanumeric characters. Is this a logical investigation step?
(Contact the DNS admin and request that they enable root hints in the DNS server.)

While discussing network security with an associate, the associate asks why a company would need internal monitoring when they have firewalls and Wireless Intrusion Protection configured. Is this an appropriate response? (You point out that while these security measures are required, there are other attack vectors in a network that are simply not protected by these.)

You need to deploy IntroSpect Analyzer in your existing network. You are planning to configure logs from multiple systems around your network. Can this 3rd-party tool collect the logs and push them to Analyzer?
(Splunk Enterprise will allow push notifications.)

You deploy IntroSpect Analyzer in your existing network. You want to monitor email for suspect malware activity. Would this action be supported by IntroSpect? (Deploy Splunk SIEM to gather logs from the email servers.)

Refer to the exhibit.

Which alert is not supported by AD-based use case? (Suspicious user login.)

You deploy IntroSpect Analyzer in your existing network. You want to monitor email for suspect malware activity. Would this action be supported by IntroSpect? (Deploy a supported DNP like Proofpoint Email Protection, and integrate with The IntroSpect Analyzer.)

During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (It is easy to support growth with the Scale-out Analyzer appliance, as Analyzer Nodes may be added over time to support the larger demand from the full environment.)

Refer to the exhibit.

Would this be a correct option when configuring a user account for a ClearPass to use to communicate with IntroSpect? (The username and email address must match.)

You have been asked to provide a Bill of Materials (BoM) for a mature small business with two sites. The IT Director prefers all hardware to be on-premise but is open to cloud-based solution. In conversations with the IT staff, you determine that the main site has approximately 550 network devices and 400 users. All users are in Active Directory. Eighty of the users use a Pulse Secure VPN to work remotely.
The second site is a warehouse operation with approximately 40 users and another 10 users that use Pulse Secure VPN. All wireless is using Aruba Networks Instant APs. There are Active Directory servers at both sites. All logs are currently being gathered into Splunk. The team feels that they can properly monitor the corporate site network with a single tap port on a central switch at the main office. There will be a network tap at the remote site.
Is this a suggestion you would make to the customer? (The customer should purchase the Scale-Out option for their data center, with a Packet Processor at the remote site.)

Refer to the exhibit.

Would this be a correct option when configuring a user account for a ClearPass to use to communicate with IntroSpect? (The username must be the host name of the ClearPass server, and the email address needs to be the username on the ClearPass server.)