QUESTION NO: 1
A company wants to integrate ClearPass with the IntroSpect. Is this a supported version? (ClearPass
6.7.3.)
A company wants to integrate ClearPass with the IntroSpect. Is this a supported version? (ClearPass
6.7.3.)
Correct Answer: B
Vote an answer
QUESTION NO: 2
You are troubleshooting ClearPass with IntroSpect, and you notice that in Access Tracker the IntroSpect Logon Logoff actions profile is executing. However, the ClearPass Log Source on the IntroSpect Analyzer is showing dropped entries.
Would this be a good troubleshooting step? (Confirm that the ClearPass context action is sending the User name, MAC Address, IP Address, and Time Stamp)
You are troubleshooting ClearPass with IntroSpect, and you notice that in Access Tracker the IntroSpect Logon Logoff actions profile is executing. However, the ClearPass Log Source on the IntroSpect Analyzer is showing dropped entries.
Would this be a good troubleshooting step? (Confirm that the ClearPass context action is sending the User name, MAC Address, IP Address, and Time Stamp)
Correct Answer: A
Vote an answer
QUESTION NO: 3
In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For "Command and Control" you can monitor DNS through network tap ports.)
In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For "Command and Control" you can monitor DNS through network tap ports.)
Correct Answer: A
Vote an answer
QUESTION NO: 4
An analyst notices that a disabled user account has been enabled. Is this an action that the analyst should take? (Allow the system to run for 15 days to establish a historical baseline, and determine if this account is a threat.)
An analyst notices that a disabled user account has been enabled. Is this an action that the analyst should take? (Allow the system to run for 15 days to establish a historical baseline, and determine if this account is a threat.)
Correct Answer: A
Vote an answer
QUESTION NO: 5
You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (You must navigate to the IntroSpect Analyzer Menu>Alerts page to see if there are any alarms.)
You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (You must navigate to the IntroSpect Analyzer Menu>Alerts page to see if there are any alarms.)
Correct Answer: A
Vote an answer
Explanation: Only visible for Actual4test members. You can sign-up / login (it's free).
QUESTION NO: 6
You are administering an IntroSpect Installation. While monitoring the load on the IntroSpect Packet Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload? (As a general rule, the data rate should be below 5000 event/sec.)
You are administering an IntroSpect Installation. While monitoring the load on the IntroSpect Packet Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload? (As a general rule, the data rate should be below 5000 event/sec.)
Correct Answer: B
Vote an answer
QUESTION NO: 7
During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)
During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)
Correct Answer: A
Vote an answer
QUESTION NO: 8
Refer to the exhibit.
An IntroSpect admin is configuring an Aruba IntroSpect Packet Processor to add Microsoft AD server as a log source for analyzing the AD server logs. Are these correct Format and Source options? (Format = Snare, and Source Type = Syslog.)
Refer to the exhibit.
An IntroSpect admin is configuring an Aruba IntroSpect Packet Processor to add Microsoft AD server as a log source for analyzing the AD server logs. Are these correct Format and Source options? (Format = Snare, and Source Type = Syslog.)
Correct Answer: A
Vote an answer