You are troubleshooting ClearPass with IntroSpect, and you notice that in Access Tracker the IntroSpect Logon Logoff actions profile is executing. However, the ClearPass Log Source on the IntroSpect Analyzer is showing dropped entries.
Would this be a good troubleshooting step? (Confirm that the ClearPass context action is sending the User name, MAC Address, IP Address, and Time Stamp)
A. Yes
B. No
Refer to the exhibit.

An IntroSpect admin is configuring an Aruba IntroSpect Packet Processor to add a Microsoft AD server as a log source for analyzing the AD server logs. Are these correct Format and Source options? (Format = Snare, and Source Type = Syslog.)
A. Yes
B. No
You are one of the system administrators in your company, and you are assigned to monitor the IntroSpect system for alarms. Is this a correct statement about alarms? (You must navigate to the IntroSpect Analyzer Menu>Alerts page to see if there are any alarms.)
A. Yes
B. No
A customer with approximately 200 users in Active Directory is running Aruba Mobility Controllers, Palo Alto firewalls, Pulse Secure VPN, and InfoBlox DNS on their network. They would like to implement the 2RU Fixed Configuration Analyzer Standard Edition.
Would this be a good response to the customer? (The Standard Edition will work for this customer as long as they do not want to capture the InfoBlox DNS logs.)
A. Yes
B. No
Refer to the exhibit.

Would this be a correct option when configuring a user account for ClearPass to use to communicate with IntroSpect? (The username and email address must match.)
A. Yes
B. No
While investigating alerts in the Analyzer, you notice a host desktop with a low risk score has been sending regular emails from an internal account to the same external account. Upon investigation, you see that the emails all have attachments. Would this be a correct assessment of the situation? (Your next step should be to find what user account logs into this desktop, and look at the activity of the devices this user has access to.)
A. Yes
B. No
Refer to the exhibit.

You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location D will capture all DNS requests.)
A. Yes
B. No
Refer to the exhibit.

You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Dest Host.)
A. Yes
B. No
Refer to the exhibit.

Which alert is not supported by an AD-based use case? (Privilege escalation.)
A. Yes
B. No
While investigating alerts, you notice a user entity has triggered a historical alert for Large Internal Data Download. While investigating the alert, you notice that the download came from a different device than normal for the user. Based on these conditions, is this a possible cause? (This is a classic user account takeover pattern.)
A. Yes
B. No