HPE2-W05 exam Archives - Exam4Training

Could this be a reason why you do not see the information but do not see activity?

June 18, 2019June 18, 2019examsLeave a comment

While validating the data sources in a new IntroSpect installation, you have confirmed that the network tap data is correct and there are AMON log sources for both firewall and DNS.

When you lock in the Entity360, you see the usernames from Active Directory.

However, when you look under E360 > activity > for any user accounts there is no information under “Activity Card” and “Authentication” for any user. When you filter the Entity360 for IP address and look at the Activity screen you do see activity on the “Activity Card”.

Could this be a reason why you do not see the information but do not see activity? (The log broker could be configured incorrectly and not sending authentication logs to IntroSpect.)
A . Yes
B . No

Answer: B

While evaluating conversation data you notice there is no eflow data from AMON. You log into the controller and confirm there is user activity in the dashboard. Would this be a correct statement about this situation?

June 15, 2019June 15, 2019examsLeave a comment

An IntroSpect installation has been up for a day. While validating the log sources, you see an Aruba Firewall log source configured on a Packet Processor that has shown up on the interface in the analyzer.

While evaluating conversation data you notice there is no eflow data from AMON. You log into the controller and confirm there is user activity in the dashboard. Would this be a correct statement about this situation? (The log source on the Packet Processor may not be pointed to the analyzer IP address.)
A . Yes
B . No

Answer: A

Explanation: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?

EntryId=27259

Does this explain the function of the Packet Processor?

June 14, 2019June 14, 2019examsLeave a comment

You were called into a customer site to do an evaluation of installing IntroSpect for a small business. During the discovery process, the customer asks you to explain when they would need to deploy a Packet Processor.

Does this explain the function of the Packet Processor? (The packet Processor helps if they are using the

analyzer deployed in the cloud by forwarding log data over HTTPS.)
A . Yes
B . No

Answer: B

You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Time Source Now as part of the authorization in the service.)

June 12, 2019June 12, 2019examsLeave a comment

You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Time Source Now as part of the authorization in the service.)
A . Yes
B . No

Answer: A

Explanation: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=2ahUKEwiBra-C-

_HgAhWLsKQKHQ4yDkkQFjABegQICBAC&url=http%3A%2F%2Fsupport.arubanetworks.com%

2FDocumentation%2Ftabid%2F77%2FDMXModule%2F512%2FCommand%2FCore_Download%2FMethod% 2Fattachment%2FDefault.aspx%3FEntryId%3D33268&usg=AOvVaw3plzLBTQalED4qNGbdU1Dx

During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)

June 12, 2019June 12, 2019examsLeave a comment

During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)
A . Yes
B . No

Answer: B

While looking at the conversation page you notice some strange network behavior, such as DNS requests coming inbound from external DNS servers. Could this be the reason why? (One of your Packet Processors may be over subscribed and is dropping packets.)

June 11, 2019June 11, 2019examsLeave a comment

While looking at the conversation page you notice some strange network behavior, such as DNS requests coming inbound from external DNS servers. Could this be the reason why? (One of your Packet Processors may be over subscribed and is dropping packets.)
A . Yes
B . No

Answer: B

Explanation: https://community.hpe.com/t5/Comware-Based/Meaning-of-FFP-in-packet-drop/tdp/

6071115#.XIH4nOdR2kw

In a meeting with a customer that runs a fully automated manufacturing facility that is connected to the business and corporate offices, the operations manager asks why they need IntroSpect to monitor the manufacturing network. Is this a reason they should monitor the manufacturing network security? (Because the controllers and sensors do not store customer data or corporate intellectual property, even if the automation network was to be breached it would not expose anything valuable.)

June 9, 2019June 9, 2019examsLeave a comment

In a meeting with a customer that runs a fully automated manufacturing facility that is connected to the business and corporate offices, the operations manager asks why they need IntroSpect to monitor the manufacturing network. Is this a reason they should monitor the manufacturing network security? (Because the controllers and sensors do not store customer data or corporate intellectual property, even if the automation network was to be breached it would not expose anything valuable.)
A . Yes
B . No

Answer: B

Given the network diagram, would this be a proper location for a network tap?

June 8, 2019June 8, 2019examsLeave a comment

Refer to the exhibit.

Given the network diagram, would this be a proper location for a network tap? (Port G at the Head Quarters Site would expose all East/West traffic bound for the data center.)
A . Yes
B . No

Answer: B

Could this be a reason for the increase?

June 6, 2019June 6, 2019examsLeave a comment

Refer to the exhibit.

You are monitoring a new virtual packet processor with a network tap. You run the command “cli stats SERVER_PRE | gre-a1 drop” and then return an hour later and run the same command, but notice there is a significant increase in the number dropped packets.

Could this be a reason for the increase? (The Packet Processor may not be allocated the proper number of memory allocated on the VM server for the size of the TAP.)
A . Yes
B . No

Answer: B

Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload?

June 6, 2019June 6, 2019examsLeave a comment

You are administering an IntroSpect Installation. While monitoring the load on the IntroSpect Packet

Processors, you think that one Packet Processor is overloaded. Is this a correct statement about the possible overload? (As a general rule, the data rate should be below 5000 event/sec.)
A . Yes
B . No

Answer: A