A customer with approximately 200 users in Active Directory is running Aruba Mobility Controllers, Palo Alto firewalls, Pulse Secure VPN, and InfoBlox DNS on their network. They would like to implement the 2RU Fixed Configuration Analyzer Standard Edition.
Would this be a good response to the customer? (The Standard Edition will work for this customer as long as they do not want to capture the InfoBlox DNS logs.)
While talking to an associate, they ask you to describe how different alerts in IntroSpect indicate compromise on the network. Would this be a correct statement? (If an entity executes a large download followed a few days later by a large upload to DropBox, this could be an indication that the entity is compromised.)
You are configuring a ClearPass Cluster to send endpoint context to an IntroSpect Analyzer for the wireless network. You want to test the setup after you have installed the XML file with the enforcement profiles and actions. Can this method be used to test that the setup is functioning correctly?
(Connect to the wireless network, and send a test authentication from a test device/user in the network. Observe the results in Access Tracker.)
Your company has found some suspicious conversations for some internal users. The security team suspects those users are communicating with entities in other countries. You have been assigned the task of identifying those users who are either uploading or downloading files from servers in other countries. Is this the best way to visualize conversations of suspected users in this scenario? (Visualizing conversation graphs.)
You receive an email alert that a Packet Processor forwarding AMON data at a remote site to a cloud-based Analyzer has stopped communicating.
Is this a valid step to try to fix the issue? (Log into the Packet Processor and check the Alerts page to make sure that the alert is still valid.)
You are planning to configure ClearPass to send endpoint context to IntroSpect. You need to create a checklist of functions that must be enabled in ClearPass to support this. Is this an option that is required? (Ingress Event Processing.)
Aruba IntroSpect establishes different types of baselines to perform user or device behavior analysis. Is this a correct description of a baseline that IntroSpect establishes? (Peer entity baselines: this typically takes 5 to 7 days to establish a “steady state” that can be used.)
During a discovery at a large company, the customer asks if they can run IntroSpect on a segment of the network and only monitor a small group of users and servers as a trial. As their IT staff becomes familiar with the analytics, they want to expand the installation to the entire enterprise. Would this be a valid option for the customer? (The customer can deploy the analyzer at the first site and use whitelist/blacklist functions to contain the scope of the analytics to the smaller site.)
Refer to the exhibit.
Would this be a correct option when configuring a user account for a ClearPass to use to communicate with IntroSpect? (The username must be the host name of the ClearPass server, and the email address needs to be the username on the ClearPass server.)
Refer to the exhibit.
You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location C.)
An administrator scheduled a maintenance window for upgrading an IntroSpect system. Is this a true statement about upgrading the IntroSpect system? (All Packet Processors should be upgraded first, then the IntroSpect Analyzer should be upgraded.)
You are a security analyst for a company where an Aruba infrastructure, such as Controllers, ClearPass, and Airwave, has been deployed. The company has recently deployed Aruba IntroSpect for security analytics. You are trying to understand the functionality of three components of the IntroSpect system: Analyzer, Compute Node (CN), and Packet Processor. Is this a good description of the functions of the Analyzer Node in the system? (The Analyzer Node is the center of the system, providing all of the control and interface to the other components.)