arcsight
Title of test: arcsight. Description: arcsight

1. Please select the non-database user of the Oracle installation for ArcSight.
   a) sys  b) system  c) root  d) arcsight
2. Oracle accepts network connections through an Oracle service known as the:
   a) TNS Listener  b) HTTP Listener  c) Message Listener  d) Exception Listener
3. _____ files contain metadata about the database.
   a) data  b) control  c) online redo  d) configuration
4. The _____ is used to move partitions out of the database for offline storage.
   a) Offline Archiver  b) Database Archiver  c) Partition Archiver  d) Partition Separator
5. To perform an online backup of an online database, ensure that the database is configured for _____ mode.
   a) ARCHIVELOG  b) ONLINELOG  c) OFFLINELOG  d) BACKUPLOG
6. Which is not a component of the notification structure for a rule action?
   a) Notification Groups  b) Escalation Levels  c) Destinations  d) User Role
7. Which one is not a tablespace in the ArcSight DB?
   a) arc_system_data  b) arc_system_index  c) arc_event_data  d) arc_data_index
8. By default, a user's account is disabled after _____ failed login attempts.
   a) Three  b) Five  c) Six  d) Ten
9. A _____ is a temporary certificate used during initial installation.
   a) CA-signed certificate  b) Self-signed certificate  c) Demo certificate  d) SSH certificate
10. A network consists of _____.
   a) Zone  b) Report  c) Filter  d) Channel
11. Which log file contains information on memory, persistence, time and thread dumps?
   a) server.log  b) server.std.log  c) server log  d) server.sql.log
12. Which log file contains information and errors related to the Partition Archiver?
   a) wrapper.log  b) server log  c) server.log  d) agent.log
13. To troubleshoot a problem, start from the _____ and move towards the _____.
   a) Console & Source  b) Source & Console  c) Connector & Console  d) Source & Console
14. Which function is performed by the System package?
   a) Aggregation  b) Benchmarking and analysis  c) Email alerting and acknowledgement  d) Compression and storage
15. What stores information about logons, user actions and the resulting events in the most concise way?
   a) Event annotations  b) Active Lists  c) Session Lists  d) Cases
16. Which firewall generates an outbound TCP connection event even when there is no 3-way handshake?
   a) ASA  b) Check Point  c) Juniper  d) Palo Alto
17. To detect a brute-force attack effectively, which field should be used in the correlation rule?
   a) Source User  b) Destination IP  c) Source IP  d) Destination User
18. Name the field that is common to the ASA "TCP Connection" and NAT translation firewall events.
   a) Destination Port  b) Source Port  c) Destination IP  d) Command
19. In Windows, the installation directories can be located by selecting the service in the _____.
   a) TNS Listener  b) Services applet  c) MSG applet  d) Task Manager
20. Services for the ArcSight ESM components must be started in the following order:
   a) Start the Oracle instance; start the Oracle TNS Listener service; start the ArcSight Manager service; start the ArcSight Web service
   b) Start the ArcSight Web service; start the Oracle instance service; start the Oracle TNS Listener; start the ArcSight Manager service
   c) Start the Oracle instance; start the ArcSight Web service; start the Oracle TNS Listener service; start the ArcSight Manager service
   d) Start the ArcSight Manager service; start the Oracle instance; start the ArcSight Web service; start the Oracle TNS Listener service
21. The online reserve period holds how many partitions?
   a) 8  b) 26  c) 14  d) 72
22. The ArcSight Manager connects to the Oracle installation over TCP port _____.
   a) 1521  b) 8080  c) 8443  d) 443
23. What is the recommended backup method for the Oracle DB?
   a) Offline  b) Online  c) Both  d) None of the above
24. Which stage is not part of the partition lifecycle?
   a) Online Reserve Period  b) Online Retention Period  c) Offline Retention Period  d) Offline Reserve Period
25. An encrypted repository on the SSL server that holds the SSL certificate and the server's private keys is called a _____.
   a) TrustStore  b) Key Pair  c) KeyStore  d) Masterkey
26. The _____ file helps to restrict access for connectors.
   a) agents.accept.ips  b) web.accept.ips  c) xmlrpc.accept.ips  d) xmlrpc.reject.ips
27. To apply an Oracle CPU on Windows, you need to log on as the _____ user.
   a) Oracle  b) sys  c) sysuser  d) Administrator
28. The procedure for downloading and running the patch installer on the _____ platform is different in ArcSight.
   a) Windows  b) Mac  c) AIX  d) Solaris
29. Communication between ArcSight Web and the client is _____ encrypted.
   a) SSH  b) SSL  c) TLS  d) SFTP
30. _____ is usually installed on the same server as the ArcSight Manager.
   a) ArcSight DB  b) Oracle  c) ArcSight Web  d) ArcSight Console
31. Choose the ArcSight table that will occupy the most space in the DB.
   a) ARC_EVENT_DATA  b) arc_system_index  c) ARC_SYSTEM_DATA  d) ARC_EVENT_INDEX
32. Which one listed here is of least importance when sizing ArcSight solutions?
   a) Retention policy  b) Aggregation ratio  c) Events per second  d) Number of users
33. _____ offers no parity, striping or spanning of disk space across multiple disks.
   a) RAID 3  b) RAID 4  c) RAID 1  d) RAID 5
34. _____ consists of block-level striping with parity distributed among the drives.
   a) RAID 3  b) RAID 4  c) RAID 1  d) RAID 5
35. The ArcSight recommendation for disk sizing is to allow a _____ buffer to prevent the solution being undersized.
   a) 1.5X  b) 3.5X  c) 1.25X  d) 1.55X
36. The ArcSight recommendation for peak EPS is to allow a _____ buffer to prevent the solution being undersized.
   a) 1.5X  b) 2.0X  c) 1.25X  d) 1.55X
37. In a typical environment, where would you see a high EPS per device?
   a) Firewall  b) Windows Server  c) IPS  d) Antivirus server
38. The ArcSight recommendation for Windows connector sizing is to allow a _____ buffer to prevent the solution being undersized.
   a) 1.5X  b) 3.5X  c) 0.5X  d) 2.5X
39. For optimal performance, the ArcSight database requires a dedicated _____.
   a) WAN link  b) Instance & machine  c) CPU cores  d) Disk space
40. The RAID level recommended by ArcSight for storage is _____.
   a) 1+1  b) 0+1  c) 5  d) 4
41. The ArcSight database constantly performs a lot of random _____ because of the large number of event insertions.
   a) Writes  b) Reads  c) Queries  d) Searches
42. In _____, if two disks fail, all data is lost.
   a) 1+1  b) 0+1  c) 5  d) 4
43. Most I/O load will be on the _____ DB table due to random reads/writes.
   a) ARC_EVENT_DATA  b) arc_system_index  c) ARC_SYSTEM_DATA  d) ARC_EVENT_INDEX
44. A separate volume on the DB server is required if ArcSight is running the _____.
   a) Webserver  b) Use cases  c) Partition Archiver  d) Partition Separator
45. What is considered "good persistence" when troubleshooting performance on the ArcSight DB?
   a) Post-EPS filter count is 0  b) Post-aggregation count is 0  c) Estimated cache size is 0  d) Post-filter count is 0
46. How can a write performance issue be resolved?
   a) RAID level changes in storage  b) Event filtering at the device  c) Use case modification  d) Changing the retention policy
47. What integration method is used to integrate the Remedy ticketing system with ArcSight?
   a) ARP  b) TNS  c) ARS  d) DNS
48. After integration of the Remedy ticketing system, what is stored in the case "External ID" attribute?
   a) Source IP  b) Attacker IP  c) Remedy ticket number  d) Remedy asset ID
49. Events are partitioned by _____, hence Oracle knows exactly which partition to scan.
   a) Manager receipt time  b) End time  c) Connector receipt time  d) Device start time
50. Asset-based variables are heavier and consume more system resources than _____-based variables.
   a) Event  b) Log  c) Time  d) List
51. Chained rules are the same as join rules, except that they use _____ to retain event details, often for longer periods of time.
   a) active lists  b) active channel  c) filter  d) rule
52. If the manager receipt time is 1-2 minutes later than the agent receipt time, which of these is the most likely cause?
   a) The log source has an issue in event processing  b) Network latency  c) The ArcSight service is down  d) The webserver is down
53. When all conditions in a rule are satisfied, the rule can be configured to take the _____ action.
   a) Add to an existing case  b) Create a new rule  c) Create an active channel  d) Create a report
54. Rules can write, read and remove entries dynamically in _____.
   a) active lists  b) active channel  c) filter  d) rule
55. Where do you set the maximum number of correlated alerts per minute to limit rule recursion issues?
   a) server.log  b) server.defaults.properties  c) server1.log  d) server.sql.log
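The receipt-time question above (manager receipt time running 1-2 minutes behind agent receipt time) is about reading the three timestamps ESM stamps on every event. The following is an added example, not ArcSight code, that computes those gaps per connector for a batch of events and names the likely cause. The field names (deviceReceiptTime, agentReceiptTime, managerReceiptTime, agentName) follow the ArcSight event schema; the thresholds, the clock-skew guard and the sample events are assumptions constructed for this example.

```python
"""Added example, not ArcSight code: per-connector receipt-time lag report.

ESM stamps each event with deviceReceiptTime (when the device logged it),
agentReceiptTime (when the SmartConnector read it) and managerReceiptTime
(when the Manager stored it).  A large agent->manager gap points at the
transport between connector and Manager (network latency, or a connector
draining its cache after an outage); a large device->agent gap points at the
log source or the connector's own processing; a negative gap means the
clocks disagree, which also breaks time-based correlation.  Thresholds and
sample data below are assumptions, not ESM defaults.
"""
from collections import defaultdict
from statistics import median

TRANSPORT_LAG_S = 60   # agentReceiptTime -> managerReceiptTime (assumed tuning value)
SOURCE_LAG_S = 60      # deviceReceiptTime -> agentReceiptTime (assumed tuning value)
CLOCK_SKEW_S = 5       # tolerated negative lag before we blame clock skew


def hop_lags(event):
    """(device->agent, agent->manager) lag in seconds for one event."""
    return (event["agentReceiptTime"] - event["deviceReceiptTime"],
            event["managerReceiptTime"] - event["agentReceiptTime"])


def lag_report(events):
    """Return {agentName: {"source_lag": s, "transport_lag": s, "verdict": str}}.
    Medians are used so a single stuck event does not mislabel a connector."""
    per_agent = defaultdict(lambda: ([], []))
    for ev in events:
        src, tr = hop_lags(ev)
        per_agent[ev["agentName"]][0].append(src)
        per_agent[ev["agentName"]][1].append(tr)
    report = {}
    for name, (src_lags, tr_lags) in per_agent.items():
        src_med, tr_med = median(src_lags), median(tr_lags)
        if src_med < -CLOCK_SKEW_S or tr_med < -CLOCK_SKEW_S:
            verdict = "clock_skew"      # fix NTP before reading anything else
        elif tr_med > TRANSPORT_LAG_S:
            verdict = "transport_lag"   # connector -> Manager path
        elif src_med > SOURCE_LAG_S:
            verdict = "source_lag"      # log source or connector processing
        else:
            verdict = "ok"
        report[name] = {"source_lag": src_med, "transport_lag": tr_med, "verdict": verdict}
    return report


def _sample(agent, device_t, agent_t, manager_t, n=3):
    """n constructed events for one connector, one second apart (epoch seconds)."""
    return [{"agentName": agent, "deviceReceiptTime": device_t + i,
             "agentReceiptTime": agent_t + i, "managerReceiptTime": manager_t + i}
            for i in range(n)]


# Constructed sample: a healthy connector, one on a slow link to the Manager,
# one reading from a slow log source, and one whose source clock runs fast.
SAMPLE_EVENTS = (_sample("fw-syslog", 1000, 1001, 1002)
                 + _sample("branch-wmi", 1000, 1002, 1100)
                 + _sample("db-audit", 1000, 1090, 1091)
                 + _sample("lab-host", 1200, 1150, 1151))

if __name__ == "__main__":
    for name, row in lag_report(SAMPLE_EVENTS).items():
        print(f"{name:12} source_lag={row['source_lag']:>5}s "
              f"transport_lag={row['transport_lag']:>5}s {row['verdict']}")
```

Checking the clock-skew case first matters: a device clock that runs fast produces a negative device-to-agent lag, which a naive "manager minus agent" check would read as a perfectly healthy connector while time-window rules on that source silently misfire.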
56. To avoid excessive rule firing for repetitive events during an attack, if you set the action trigger "On time unit" to a value, what will happen?
   a) It will notify at the end of the attack  b) It will periodically notify that the attack is still going on  c) It will notify at the start of the attack  d) It will notify whenever an alert is triggered
57. Using active lists to correlate information from events will limit _____ consumption.
   a) Memory  b) CPU  c) Drive space  d) DB records
58. The usage of performance data monitors can be monitored from _____.
   a) Packages  b) CapsManager  c) Services.MSC  d) Foundation
59. What is the prerequisite when configuring the "identify inactive user accounts" use case through a wizard?
   a) Network & asset model  b) Vulnerability data  c) Enriched data  d) Time-based variables
60. Which one listed here is not a Jump Start package?
   a) PCI  b) SOX  c) Perimeter monitoring  d) DB monitoring
61. For all perimeter monitoring use cases, the _____ has to be defined.
   a) Zone  b) Asset  c) Network  d) Vulnerability
62. To configure a use case that detects users not performing two-factor authentication when they come from untrusted realms, which of the following is the least important prerequisite?
   a) Network modelling  b) Zone management  c) Log source integration  d) Third-party integration
63. When you build a report based on a query, by clicking on which tab do you schedule it?
   a) Attributes  b) Templates  c) Jobs  d) Parameters
64. Communication between ArcSight Management Center and a connector is through _____ if there is no ArcMC agent.
   a) HTTPS  b) SSH  c) API  d) FTP
65. As a best practice, when should regular configuration backups be scheduled for all ArcSight appliances?
   a) At the same time  b) With a gap of 6 hours  c) With a gap of 34 hours  d) With a gap of 48 hours
66. _____ rules are defined to generate alerts against health data metrics.
   a) Health  b) Datasource  c) Breach  d) Manager
67. A _____ is a managed ArcSight product (i.e. Connector, Logger etc.).
   a) Host  b) Node  c) Asset  d) Resource
68. Once a Logger report has been generated, use the _____ to view, copy, modify and run it.
   a) Parameter explorer  b) Report explorer  c) Category explorer  d) Favorite explorer
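Two of the rule questions above, the brute-force key-field question and the "On time unit" action trigger question, are easier to reason about with a runnable model in front of you. The following is an added example, not ArcSight code: a toy threshold rule with a sliding window plus the three action trigger modes, replayed over a constructed password-spray style event stream. Field names (sourceAddress, destinationUserName, categoryOutcome, endTime) follow the ArcSight event schema; the threshold, window, time unit and the sample events are assumptions for the example, not ESM defaults.

```python
"""Added example, not ArcSight code: a toy correlation rule showing (1) why the
field you aggregate on decides whether a brute-force rule fires at all and
(2) what the "on first event", "on every event" and "on time unit" action
triggers do once the threshold is reached.  Rule parameters and sample
events are constructed for this example.
"""
from collections import defaultdict, deque


class ThresholdRule:
    """Match when `threshold` failure events share one `key_field` value
    inside a sliding window of `window_s` seconds."""

    def __init__(self, key_field, threshold, window_s):
        self.key_field, self.threshold, self.window_s = key_field, threshold, window_s
        self._buckets = defaultdict(deque)  # key value -> endTime of recent matches

    def feed(self, event):
        """Return True if this event completes (or extends) a threshold match."""
        if event.get("categoryOutcome") != "/Failure":
            return False
        q = self._buckets[event[self.key_field]]
        q.append(event["endTime"])
        while q and event["endTime"] - q[0] > self.window_s:  # expire old events
            q.popleft()
        return len(q) >= self.threshold


class ActionTrigger:
    """When the rule action (e.g. a notification) actually runs:
    first     - once per key, at the start of the attack
    every     - on every matching event (noisy under a sustained attack)
    time_unit - at most once per `time_unit_s` while matches keep arriving,
                i.e. a periodic "still going on" notification."""

    def __init__(self, mode, time_unit_s=0):
        self.mode, self.time_unit_s = mode, time_unit_s
        self._last = {}  # key value -> time of the last action

    def should_act(self, key, now):
        last = self._last.get(key)
        if self.mode == "every":
            act = True
        elif self.mode == "first":
            act = last is None
        elif self.mode == "time_unit":
            act = last is None or now - last >= self.time_unit_s
        else:
            raise ValueError(f"unknown trigger mode {self.mode!r}")
        if act:
            self._last[key] = now
        return act


def notifications(events, key_field, mode, threshold=5, window_s=60, time_unit_s=30):
    """Replay `events` through one rule and return the endTime of every
    notification that would have been sent."""
    rule = ThresholdRule(key_field, threshold, window_s)
    trigger = ActionTrigger(mode, time_unit_s)
    sent = []
    for ev in sorted(events, key=lambda e: e["endTime"]):
        if rule.feed(ev) and trigger.should_act(ev[key_field], ev["endTime"]):
            sent.append(ev["endTime"])
    return sent


# Constructed sample: one source address tries 12 different accounts, one
# failed logon each, 10 s apart (a password-spray style brute force).
SPRAY = [
    {"endTime": 10 * i, "sourceAddress": "203.0.113.7",
     "destinationUserName": f"user{i:02d}", "categoryOutcome": "/Failure"}
    for i in range(12)
]

if __name__ == "__main__":
    for key in ("sourceAddress", "destinationUserName"):
        print(key, "->", notifications(SPRAY, key, "every"))
    for mode in ("first", "every", "time_unit"):
        print(mode, "->", notifications(SPRAY, "sourceAddress", mode))
```

Keyed on destinationUserName the rule never fires, because each account sees only one failure; keyed on sourceAddress it fires on the fifth failure and on every event after that. With the "every" trigger that is eight notifications for one attack, with "first" it is one, and with a 30-second time unit it is one at the start plus one every 30 seconds while the spray continues, which is the periodic "still going on" behaviour the question describes.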
69. Logger report performance cannot be affected by _____.
   a) Data distribution  b) Server load  c) Query complexity  d) Aggregation settings
70. When the compression ratio for raw log storage is higher, the data retrieval rate will be _____.
   a) Faster  b) Slower  c) Normal  d) None
71. If the raw log data in a syslog FlexConnector contains non-ASCII characters, where do you configure the character encoding?
   a) agent.properties  b) agent.default.properties  c) JVM options  d) server.properties
72. To tune the advanced file rotation parameters for FlexConnectors, where do you make the changes?
   a) agent.properties  b) agent.default.properties  c) JVM options  d) server.properties
73. During key field assignment when you build a FlexConnector, which field do you use for custom fields?
   a) flexcustom  b) devicecustom  c) deviceVendor  d) deviceProduct
74. Which of the following is not an ArcSight syslog SmartConnector?
   a) Syslog Daemon  b) Syslog Pipe  c) Syslog Package  d) Syslog File
75. After modifying the syslog.conf file on the log source, what else must be done at the log source level to start receiving events at the syslog connector?
   a) Restart the log source  b) No other action required  c) Restart the syslog server  d) Restart the network service
76. Events are not being received at the syslog SmartConnector; mark the correct troubleshooting step.
   a) Run a packet sniffer on the log source  b) Telnet to port 514 on the log source  c) Telnet to port 514 on the SmartConnector  d) Check that the web service is up
77. In a Cisco Secure IPS SDEE integration with the SmartConnector, which field is not retrieved and stored by default?
   a) Device Vendor  b) Device Payload  c) Device Severity  d) Threat Category
78. How do you turn off SSL when troubleshooting SDEE connections in SmartConnectors?
   a) Modify agent.properties  b) Modify agent.default.properties  c) Modify JVM options  d) Modify server.properties
79. When integrating Apache web servers, _____ can be used to get the logs if log rotation is configured at the OS level.
   a) File contents  b) File name pattern  c) Timestamp of logs  d) Agent receipt time
80. If database auditing is enabled, which database-related operation does Oracle write to the operating system audit file as an event?
   a) Database startup  b) Table creation  c) Table delete  d) Insert record
81. What is the ArcSight-recommended syslog audit level to set for Oracle DB integration?
   a) Warning  b) Debug  c) Informational  d) Notice
82. Which one is not an audit trail in Oracle DB?
   a) OS  b) XML  c) D3  d) DB ML
83. For Check Point integration, the _____ ArcSight SmartConnector is used.
   a) File SmartConnector  b) LEA  c) WMI  d) Syslog
84. The Oracle RDA tool gathers configuration information about your Oracle installation and writes the output to a series of _____ files.
   a) XML  b) HTML  c) CSV  d) TXT
85. In the "get status" output for a specific connector's performance, what does "Sent (SLC)" denote?
   a) The number of events per second processed by the connector in the last few minutes  b) The number of events sent to the Manager  c) The number of events in the connector cache  d) Any exception in the connector that prevents events from being sent
86. If the server.std.log file repeatedly reports that the ArcSight Manager is running out of memory, the _____ may need to be increased.
   a) CPU cores  b) Heap size  c) Procure an additional Manager  d) Aggregation
87. Events flow to the ArcSight Console from the _____.
   a) ArcSight Manager  b) ArcSight Connector  c) Device  d) Logger
88. Where do you check to troubleshoot or confirm whether the ArcSight Manager is able to connect to the ArcSight database?
   a) server.log  b) server.std.log  c) server.log  d) server.sql.log
89. The _____ log file contains information and related errors on the Partition Archiver.
   a) server.log  b) agent.log  c) wrapper log  d) server.sql.log
90. What command do you run to find any error in the TNS Listener service?
   a) tnsctl  b) listctl  c) parserctl  d) lsnrctl
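The syslog questions above (non-ASCII characters in FlexConnector raw logs, and events not arriving at the syslog SmartConnector) both come down to what the connector does with a raw datagram before any parser runs. The following is an added example, not ArcSight connector code: a minimal RFC 3164-style syslog decoder that applies a configured source charset, splits the PRI header, and flags rather than drops messages whose bytes do not match that charset. The `source_charset` parameter, the regex and the two sample datagrams are this example's own constructions and are not the connector's property names or defaults.

```python
"""Added example, not ArcSight code: decode a raw syslog datagram with a
configured source charset and split the RFC 3164 header, flagging any
message whose bytes are not valid in that charset instead of losing it.
"""
import re

# <PRI>Mmm dd hh:mm:ss host message   (RFC 3164 style; assumption: single line)
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Subset of the standard facility codes; unknown codes are reported numerically.
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 10: "authpriv", 16: "local0"}
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(raw: bytes, source_charset: str = "utf-8") -> dict:
    """Decode `raw` with `source_charset` and split the header.

    Undecodable bytes are replaced with U+FFFD rather than dropped, so the
    event still reaches the SIEM and `decode_clean` tells you the charset
    configured for this source is wrong.
    """
    text = raw.decode(source_charset, errors="replace")
    m = _SYSLOG_RE.match(text)
    if not m:
        return {"parse_ok": False, "raw": text}
    pri = int(m["pri"])
    return {
        "parse_ok": True,
        "facility": FACILITY.get(pri >> 3, str(pri >> 3)),
        "severity": SEVERITY[pri & 7],
        "timestamp": m["ts"],
        "host": m["host"],
        "message": m["msg"],
        "decode_clean": "\ufffd" not in text,
    }


# Constructed datagrams.  PRI 86 = authpriv.info.  The second one carries
# the same text encoded as Latin-1, where 'ü' is the single byte 0xFC, which
# is not valid UTF-8.
UTF8_LINE = (
    "<86>Feb  3 10:15:01 web01 sshd[42]: Failed password for müller from 203.0.113.7"
).encode("utf-8")
LATIN1_LINE = (
    "<86>Feb  3 10:15:02 web02 sshd[43]: Failed password for müller from 203.0.113.7"
).encode("latin-1")

if __name__ == "__main__":
    print(parse_syslog(UTF8_LINE))
    print(parse_syslog(LATIN1_LINE))             # charset mismatch: flagged
    print(parse_syslog(LATIN1_LINE, "latin-1"))  # charset configured correctly
```

Run against a source that sends Latin-1, the default UTF-8 decode still produces a parsable event (the header is pure ASCII) but the user name comes out as `m�ller`, so a rule or active list keyed on the user name never matches; that is the failure the charset setting exists to prevent, and `decode_clean` is the check that surfaces it.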