Alienvault

Test title:
Alienvault

Description:
study information

Creation date: 2021/12/20

Category: Computing

Number of questions: 32

Rating: (0)
Content:

In which two areas of the Alienvault USM web interface can you review user activity? Choose 2 answers *. Settings. Detection. Reports. Assets.

Which options can trigger a ticket in Alienvault USM? Choose three options. Directive Alert. Enabling alarm to ticket. Custom view. Policy actions. Vulnerability scan. Schedule report.

What method should be used to check how long a user has been logged into the USM appliance web interface? *. Under Configuration > Administration > Activity, check under the Session_Age column. From the command line, use the command “who -i”. Under Settings > Current Sessions, the Logon column shows the time the user logged in. From the command line, use the command “alienvault-api –show-sessions”.

What is a benefit of deploying two dedicated USM Logger appliances? *. Twice as much netflow data can be processed. Twice as much disk capacity to store raw logs. Twice as much database resource to store SIEM events. Twice as much disk capacity to store tickets.

What is the path from a Windows log via HIDS (OSSEC) agent to the security events (SIEM) console? *. HIDS rule, raw Windows log, Alienvault HIDS datasource plugin. Raw Windows log, HIDS decoder, HIDS rule, policy. Raw Windows log, HIDS decoder, HIDS rule, Alienvault HIDS datasource plugin. Raw Windows log, Alienvault HIDS datasource plugin, HIDS decoder.

What are acceptable methods for sustaining good performance when considering the database? Choose 2 answers *. Configuring alarm data retention. Running tools such as “ossim-repairs-tables” on a weekly basis. Setting retention limits on the normalized data retained in the SIEM database. Creating a custom view in the SIEM console.

Which file format is used to import assets from the web interface *. Sql. +. Json. Csv.

How can you prevent specific sensor events from being saved to the SIEM database? *. Action. Taxonomy. Directives. Policy.

How many days by default will raw logs be stored if log expiration is enabled? *. 30 days. 90 days. 365 days. 7 days.

One of the events collected by USM matches multiple policies. Which matching policy or policies will be applied? *. The first policy. All policies. The last policy. The default policy.

Where should a policy be created if you want to be notified when a directive triggers? *. Default policy group. Policies for events generated in sensor. Policies for events generated in server. AV default policies.

Which information does OTX provide in the web interface? *. Risk statistics visualized on a risk map. A list of botnets attacking your environment. The latest threat signatures being seen around the world. IPs of hosts performing malicious activities.

Which two configurations should be used to restrict a user's ability to view and edit information? Choose 2 answers *. Permissions within the user's assigned structure. The user's visibility of correlation contexts. The user's visibility of activity. Permissions within the user's assigned template.

Which function would be used to convert strings into numerical form for use as a SID? *. Compare. Lookup. Resolv. Translate.

A HIDS (ossec) agent is installed on a Linux server. Which command would be used on the Linux server to change the agent key associated with the HIDS agent? *. /var/keys/change_agents. /var/ossec/bin/ossec-control. /var/ossec/bin/manage_agents. /var/ossec/bin/agent_control.

Which field in a report module selects the SIEM or logger? *. Condition. DS groups. Source database. Group by.

After how many changes will Alienvault HIDS (ossec) stop reporting changes made to a file by default? *. 2. 24. 256. 3.

You are trying to troubleshoot performance issues on your Alienvault installation. You come across the following log line in /var/log/alienvault/server/server.log: “OSSIM-Message: Failed to connect database:Error:”. What can you use to verify the error? *. Service database status. Service mysql status. Service ossim status. Service percona status.

An administrator must create a new account that only has read access to view alarm and log information. How can the administrator configure the necessary permissions? *. Dashboards > Overview. Analysis > Security Events (SIEM). Configuration > Threat Intelligence. Configuration > Administration.

In which two situations would a policy need to use a custom script action? Choose 2 answers *. Adjust the priority of an event. Initiate an SNMP poll. Add an offending IP to a firewall policy. Forward an event to USM Logger.

What does the Alienvault USM start monitoring about an asset when availability monitoring is enabled? *. The system resource utilization of the asset. The asset is answering to ping. The network utilization of the asset. All known services for the asset are running.

Which port does a HIDS (ossec) agent use to send logs to the HIDS server? *. TCP/40001. UDP/514. TCP/1515. UDP/1514.

What are three requirements for detecting network host names and adding them to the asset database when running a manual Asset Discovery Scan? *. Check FQDN as HOSTNAME. Select the full scan type. Check enable reverse DNS resolution. Check autodetect services and operating system. Have the internal DNS server configured on the scanning sensor.

Which options would generate an alarm in a situation where the source asset value is 3? Choose 2 answers *. dest asset value: 5, priority: 1, reliability: 5. dest asset value: 5, priority: 2, reliability: 2. dest asset value: 1, priority: 5, reliability: 2. dest asset value: 5, priority: 4, reliability: 2.

After a custom SIEM search returns data, can that data set be used in a report? *. No, custom searches are not supported as custom reports. Yes, if you save the custom view as a custom report module. Yes, if you export the data set in XML format, then import it as a report. No, the reporting system queries a different data set than the SIEM console.

Which three plugin retrieval methods are supported in a default install of AlienVault USM? Choose 3 answers *. MSSQL. MYSQL. NTP. TFTP. SDEE.

An administrator must create a new account that only has read access to view alarm and log information. How can the administrator configure the necessary permissions? *. Create a template with the necessary restrictions. Restrict visibility to the read-only entity. Remove all Alienvault devices and components from visibility. Configure a structure that includes all monitored devices.

Which of the following requires the action called “execute an external program”? *. Create a ticket on alarm creation. Deploy a HIDS agent to a Windows machine. Send an email on alarm creation. Create a firewall rule on alarm creation.

After installing a HIDS (ossec) agent on a Linux server, there is still no communication between the HIDS agent and the HIDS server. What could be the problem in this situation? *. The snare plugin is not turned on. The wrong agent key is entered on the server. There is a firewall blocking UDP port 1514. The /var/log/alerts.log file is absent.

A remote Server Logger is added to an existing Alienvault deployment to only receive specific events from an Alienvault USM server for long-term forensic storage. How is this configuration done on the Alienvault USM server through the web interface? *. By setting up forward directives in the Alienvault USM Server configuration. By setting up policy rules to forward events to the remote Server Logger. By adding the Server Logger IP into the sensor configuration through the Alienvault Center. By setting up an action to email each event to the remote Server Logger.

In which two areas can event category and subcategory be used? Choose 2 answers *. Forensic evidence. Policies. OTX feed. Reports.

Which graphical option is available when creating custom modules for reporting? *. Pie. Area. Bar. None.
