What is an example of an event-based Data Monitor?
What is an example of an event-based Data Monitor? A. rules partial match B. last n events C. session reconciliation D. moving average
HP0-A116
Which statements are true about escalation levels?
Which statements are true about escalation levels? (Select two.) A. Custom escalation levels can be added at anytime. B. They must be defined separately for each notification type. C. New escalation levels are added to the beginning of an escalation…
Which circumstances does a Connector use its cache?
Under which circumstances does a Connector use its cache? (Select two.) A. when a burst of events exceeds what the Manager can handle B. when the Connector is performing a service restart C. when the Connector is stopped or disabled…
Which search syntax methods?
Command Center Event Search consists of which search syntax methods? A. SQL query, regular expression, and complex expression search B. field-query search, simple query search, and complex expression search C. full-field search, Boolean search, and regular expression search D. field-based…
When exporting search results, what does the “Save to ArcSight Command Center” option do?
When exporting search results, what does the "Save to ArcSight Command Center" option do? A. automatically exports the file to the Administration > Saved Searches > Saved Search Files path B. opens a dialog allowing the user to specify a…
Which drill down type is available?
Using ESM 6.5 ArcSight Command Center, which drill down type is available? A. query viewer drilldowns into other query viewers only B. query viewer drilldowns into channels, reports, dashboards, or other query viewers C. dashboard drilldowns into channels, reports, query…
When is it useful to schedule rules rather than have them run in real time?
When is it useful to schedule rules rather than have them run in real time? A. when a network device is down B. when events are occurring less frequently than usual C. when you anticipate a worm or virus attack…
Which statements are true about reports?
Which statements are true about reports? (Select two.) A. Reports can be based on Cases, Trends, Session Lists, and Events. B. Archived reports must be restored before they can be used again C. Reports can be scheduled to run yearly,…
What is the “focus” of a Focus report?
What is the "focus" of a Focus report? A. events that have been missed based on additional criteria B. the differences between two similar report outputs C. a subset of a larger (for example, monthly or quarterly) report D. high…
Which group can data fields describing an event’s importance as assessed by ArcSight ESM be found?
Of the 17 event field groups defined in the ArcSight Event Schema, in which group can data fields describing an event’s importance as assessed by ArcSight ESM be found? A. Category B. Attacker C. Event D. Threat