What are valid actions for a rule to take?
What are valid actions for a rule to take? (Select two.) A. generating a report B. executing a command C. sending a notification D. Creating a vulnerability E. adding a condition to a filter
What are valid actions for a rule to take? (Select two.) A. generating a report B. executing a command C. sending a notification D. Creating a vulnerability E. adding a condition to a filter
How do asset categorization and event categorization relate to each other? A. Asset categorization requires custom FlexConnectors; event categorization uses standard Smartconnectors. B. Asset categorization and event categorization are the same. C. Asset categorization is the fingerprint of an asset;…
Which statements are true about Active Lists? (Select two.) A. They can store data over longer periods of time than rules or Data Monitors. B. They can incur processing overhead if not properly scheduled. C. They always include start time…
Active Channel views and Dashboard views are examples of ArcSight Console Viewer Panel views. Which other views are associated with the Viewer Panel? (Select two) A. Simple views B. Asset views C. Results views D. Resource views E. Combined views
Which statements are true about Session Lists? (Select two) A. They always have Start Time, End Time, and Creation Time fields. B. They must have a key field and a time value. C. They can share entries with other Session…
Which procedure allows you to terminate a session within a Session List? (Select two) A. Exceed the time-out based on entry expiration time B. Configure a rule action to explicitly terminate a session C. Manually close the session using the…
You want your Active Channel to automatically display new events as they arrive at ESM. Which time parameter you use to accomplish this? A. Continuously Evaluate B. Evaluate Continuously from Attach Time C. Evaluate $NOW-1h D. Evaluate Once at Attach…
Besides managing user accounts, user groups, event storage, and notifications, what else does the ArcSight Command Center allow you to do? A. Update the ESM product license, and access the ArcSight Web interface. B. Status Connectors, configure authentication; monitor events…
What is the effect of the constraints used in an event search query? A. They maintain search criteria within the range of data specified by the filter B. They provide a shorthand view when defining field sets. C. They limit…
Which ArcSight resource objects do Field Sets correspond to? A. attributes in a Query Viewer B. variables in a Rule configuration C. components in a Network Model D. columns in an Active Channel Grid view