HPE2-W05 Exam Dumps - Implementing Aruba IntroSpect
A security analyst is monitoring the traffic which is accessing internal and external resources. They find
abnormal activity, indicating communication between a compromised internal user(host) and internal
infrastructure, and found a suspicious malware activity. Is this a correct attack stage classification for this
activity? (Exfiltration.)
Refer to the exhibit.
An IntroSpect admin is configuring an Aruba IntroSpect Packet Processor to add Microsoft AD server as a log source for analyzing the AD server logs. Are these correct Format and Source options? (Format = Snare, and Source Type = Syslog.)
In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For “Command and Control†you can monitor DNS through AMON on the Aruba Mobility Controllers.)
While validating the data sources in a new IntroSpect installation, you have confirmed that the network tap data is correct and there are AMON log sources for both firewall and DNS.
When you lock in the Entity360, you see the usernames from Active Directory.
However, when you look under E360 > activity > for any user accounts there is no information under “Activity Card†and “Authentication†for any user. When you filter the Entity360 for IP address and look at the Activity screen you do see activity on the “Activity Cardâ€.
Could this be a reason why you do not see the information but do not see activity? (The log broker could be configured incorrectly and not sending authentication logs to IntroSpect.)
Refer to the exhibit.
You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this activity. Could you use this entity type to accomplish this? (Dest Host.)