What do the start and end times associated with a notification destination indicate?
A. the period of time that the system waits for a notification response
B. the period of time during which the notification can be received
C. the period of time during which the destination is expected to respond
D. the period of time during which the notification can be sent to the destination

Correct Answer: D

Which component determines how a report looks when it is generated?
A. Query
B. Layout
C. Form
D. Template

Correct Answer: A

What are the three general types of Data Monitors?
A. event-based, correlation, and non-event based
B. event-based, correlation, and aggregation matching
C. event-based, matching conditions and non-event based
D. event-based, event graph, and non-event based

Correct Answer: C

What is the impact of checking Auto Update on the Search Results header, and selecting a time of 2 minutes?
A. The time span for this search to complete is limited to 2 minutes, and the current results are displayed.
B. The current field set is refreshed, and any results that changed in the grid are flagged with a highlight.
C. The current search query is rerun every 2 minutes following selection of the Auto Update check box.
D. ArcSight Command Center checks for any new software updates occurring in the previous 2 minutes.

Correct Answer: B

Which ArcSight Console user settings can be changed in the Preferences Editor?
A. default time period of Active Channels
B. maximum number of viewable assets
C. date and time format
D. number of rows displayed in an Active Channel

Correct Answer: D

Report run start time, output format for report results, email distribution for report results, and report filters are all examples of what?
A. report parameters
B. report formats
C. report data sources
D. report attributes

Correct Answer: C

Which host user should own the .tar archive from which the ArcSight ESM Suite bin file, containing ESM components and installation and configuration wizards, is extracted?
A. any user with admin group privilege
B. root user
C. arcsight user
D. archive user

Correct Answer: B

Which pairs of resources can be displayed in the ArcSight Web interface? (Select two.)
A. Search Filters and Saved Searches
B. Queries and Cases
C. Reports and Dashboards
D. Notifications and Active Channels
E. Knowledge Base articles and Templates

Correct Answer: CE

During your ESM installation and configuration, none of the Foundation Packages were selected in the Configuration Wizard. What should you do to install the Foundation Packages?
A. Manually upload the Foundation Packages to ESM using .arb files exported from another ESM instance
B. Reapply the ESM product license from ArcSight Command Center to install the Foundation Packages
C. Rerun the Configuration Wizard using Manager setup and select the Foundation Packages to install
D. Install the Foundation Packages from the ArcSight Console Resource Navigator right-click menus

Correct Answer: D

What are functions of Query Viewers? (Select two.)
A. displaying the Boolean logic and conditions linkage behind filters and rules criteria
B. providing a baseline analysis of events against which future queries can be compared
C. determining which devices are off-line at any given point in time by querying their status
D. providing a quick way to run SQL queries and identify trends without running reports
E. presenting detailed comparisons of report elements, not possible with reporting tools

Correct Answer: BD

By default, which TCP/IP port is used by ArcSight Command Center to communicate with a web browser client?
A. 1521
B. 9443
C. 8443
D. 443

Correct Answer: C

Which four basic Event Search elements affect what is displayed in the Search results?
A. filter, constraints, time range, and field set
B. filter, constraints, time range, and row limit
C. filter, time range, variables, and field set
D. filter, time range, time zone, and field set

Correct Answer: A

Which access type is provided with ESM Access Control Lists?
A. Specific User read and write access to specific Resource Groups
B. Specific User Group read and write access to a specific Resource
C. Specific User Group read and write access to specific Resource Groups
D. Specific User read and write access to a specific Resource

Correct Answer: C

Which statements are true about results in Query Viewers? (Select two.)
A. Results can be displayed as tables or charts, and added to Dashboards
B. Results can be used in event searches.
C. Results can be used to generate reports.
D. Results can be used as event filters.
E. Results can be forwarded as notifications.

Correct Answer: AC

What is the procedure to reset all ArcSight Console preferences back to default?
A. In “console.properties” file, locate and edit the line: set default=true.
B. Copy the “console.defaults.properties” file to overwrite the “console.properties” file.
C. Stop the Console, delete or rename the user.ast file, and restart the Console.
D. In the File menu, click on Preferences, and select “Set to Default”.

Correct Answer: B

Which processes occur in the first phase of the event lifecycle? (Select two.)
A. evaluating event data
B. applying event categories
C. applying hashing to event data
D. correlating event data
E. normalizing event data

Correct Answer: BE