HPE2-W05 Free Question Set: "HP Implementing Aruba IntroSpect"

You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (A memory_full alarm will fire when there is less than 1 GB of free memory for more than thirty minutes.)

Refer to the exhibit.

Which alert is not supported by AD-based use case? (Suspicious user login.)

While reviewing the logs at a customer site you notice that one particular device is accessing multiple servers in the environment, using a number of different user accounts. When you Question: 113 computer is a JumpBox and running software used to monitor all of the servers in the environment.
Would this be a logical next step? (As a next step, you should audit all of the accounts that are being used on the JumpBox to determine if the JumpBox is being accessed by unauthorized accounts.)

Refer to the exhibit.

Which alert is not supported by AD-based use case? (Privilege escalation.)

You have been asked to provide a Bill of Materials (BoM) for a mature small business with two sites. The IT Director prefers all hardware to be on-premise but is open to a cloud-based solution. In conversations with the IT staff, you determine that the main site has approximately 550 network devices and 400 users. All users are in Active Directory. Eighty of the users use a Pulse Secure VPN to work remotely.
The second site is a warehouse operation with approximately 40 users and another 10 users that use Pulse Secure VPN. All wireless is using Aruba Networks Instant APs. There are Active Directory servers at both sites. All logs are currently being gathered into Splunk. The team feels that they can properly monitor the corporate site network with a single tap port on a central switch at the main office. There will be a network tap at the remote site.
Is this a suggestion you would make to the customer? (The customer should install the Fixed Configuration Analyzer in the data center to manage the tap and Splunk logs for the main site and a single Packet Processor at the warehouse site.)

You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Time Source Now as part of the authorization in the service.)

Refer to the exhibit.

You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Source Host.)

While looking at the conversation page you notice some strange network behavior, such as DNS requests coming inbound from external DNS servers. Could this be the reason why? (You have your network tap positioned wrong, and you are just getting outside data.)

An IntroSpect installation has been up for a day. While validating the log sources, you see an Aruba Firewall log source configured on a Packet Processor that has shown up on the interface in the analyzer.
While evaluating conversation data you notice there is no eflow data from AMON. You log into the controller and confirm there is user activity in the dashboard. Would this be a correct statement about this situation? (The log source on the Packet Processor may not be pointed to the analyzer IP address.)

Refer to the exhibit.

You are logged into the IntroSpect and have navigated to the Alerts list. You are trying to filter the alerts to show all malware alerts for users. Is this a correct search query? (alertcategory:malware* AND username:any)
