By default, which TCP/IP port is used by ArcSight Command Center to communicate with a web browser client?
A. 1521
B. 9443
C. 8443
D. 443
What is a trust store (sometimes called a key store)?
A. the preferred source for obtaining signed certificates
B. a list of trusted Certificate Authorities
C. the location of a system's private keys
D. the set of backup files containing SSL information
In Network Modeling, what is closest to being a subnet?
A. zone
B. network
C. Asset Range
D. Network Range
Which resources are optional ArcSight compliance solutions delivered as packages? (Select two.)
A. SOX - Sarbanes Oxley Act
B. PCI - Penetration Culprit Identification
C. PCI - Payment Card industry
D. SOX- Secure Obfuscation Extensions
E. SOX - Security Operations Exposition
F. PCI - Payload Content Information
Which procedure allows you to terminate a session within a Session List? (Select two)
A. Exceed the time-out based on entry expiration time
B. Configure a rule action to explicitly terminate a session
C. Manually close the session using the right-click menu.
D. Adjust the Session setting in Console Preferences.
E. Close the session by exiting the ArcSight Console.
Which statements are true about Active Lists? (Select two.)
A. They can store data over longer periods of time than rules or Data Monitors.
B. They can incur processing overhead if not properly scheduled.
C. They always include start time and end time fields.
D. They can be manually populated using the right-click context menu.
E. They can neither be exported nor imported.
How do asset categorization and event categorization relate to each other?
A. Asset categorization and event categorization are the same.
B. Asset categorization and event categorization use the same field set to apply categories to assets and events.
C. Asset categorization requires custom FlexConnectors; event categorization uses standard SmartConnectors.
D. Asset categorization is the fingerprint of an asset; event categorization is a set of criteria that describes an event.
During which process is the first user created for access to ESM?
A. during initial configuration of server-side SSL trust store
B. during the authentication phase of the SmartConnector Installation
C. during installation of the ArcSight Console
D. during installation of the ArcSight Manager
Which command is a valid investigate command?
A. Add [Attribute=Value] to Filter
B. Create [Filter=Value]
C. Add [Value!=Condition] to Filter
D. Add to Filter [List of Related Conditions]
What does Partition Archiving allow you to specify?
A. the number of partitions to keep offline
B. the number of partitions that remain online
C. the compression ratio to be used in partitioning
D. the amount of data to store in a partition