050-728 practice tests

  • Passed NOVELL 050-728 Exam with Pass4sure and Lead2pass PDF & VCE (31-40)

    QUESTION 31
    Which filter will display all events with a severity of 3 or 4 and an operating system of Windows?

    A.    Filter(e.severity = 3 or e.severity = 4 and e.rv31 = “windows”)
    B.    Filter(e.severity = 3 and e.severity = 4 and e.rv31 = “windows”)
    C.    Filter(e.rv31 = “windows” or (e.severity = 3 or severity = 4))
    D.    Filter(e.rv31 = “windows” and (e.severity = 3 or severity = 4))

    Answer: C

    QUESTION 32
    Which Sentinel component can only run on the Windows platform?

    A.    Collector Builder
    B.    Correlation engine
    C.    Sentinel Data Manager
    D.    Sentinel Control Center

    Answer: A

    QUESTION 33
    You want to create a correlation that refers to a dynamic list naming your administrative resources. Which option should you choose in the Correlation Wizard to complete the rule?

    A.    Sequence
    B.    Composite
    C.    Aggregate
    D.    Custom/Freeform

    Answer: B

    QUESTION 34
    What is one purpose of using Taxonomy?

    A.    Simplify filtering
    B.    Define user roles
    C.    Maintain active view data
    D.    Transform data between events

    Answer: A

    QUESTION 35
    Which statement about right-click actions is true? (Choose 2)

    A.    You can mail iTRAC incident response history
    B.    You can pass global filter settings to a script
    C.    You can pass a Source IP addresses to a script
    D.    You can dynamically create a correlation rule
    E.    You can pass a Destination User Name to a URL

    Answer: AD
    Explanation:
    A: To send an event message by e-mail:
    In a Real Time Event Table, select an event or a group of events, right-click and select Email.
    D: In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an
    event or a group of events and right-click and select Create Incident.

    QUESTION 36
    When is Referential data added?

    A.    In active views
    B.    At the correlation engine
    C.    After it enters the database
    D.    Before it enters the message bus

    Answer: C

    QUESTION 37
    Which component is used to edit Collectors written in Novell’s proprietary collector language?

    A.    Collector Builder
    B.    Solution Manager
    C.    Collector Manager
    D.    Event Source Manager

    Answer: A

    QUESTION 38
    Which protocol or service does the Control Center use to access the reporting engine?

    A.    HTTP
    B.    ODBC
    C.    DAS_PROXY
    D.    DAS-QUERY
    E.    DAS-BINARY

    Answer: A

    QUESTION 39
    Which correlation rule executes when an IDS event sourceIP matches a sourceIP from a past Firewall event in the last 60 seconds?

    A.    Filter(e.RV32=”IDS”) flow window(e.sip = w.sip, filter(e.RV32=”FW), 60)
    B.    Filter(e.RV32=”IDS” or e.RV32=”FW”) flow trigger(60,2,discriminator(e.sip))
    C.    Sequence(filter(e.RV32=”IDS” and e.sip match Subnet (192.168.255.100)), filter (e.RV32=”FW” and e.sip match Subnet (192.168.255.90))
    D.    Filter(e.RV32 = “IDS” and e.sip match subnet(192.168.1.1)) union filter(e.RV = “FW” and e.Sip match subnet(192.168.255.90))

    Answer: A

    QUESTION 40
    How can correlation rules be added to Sentinel? (Choose 3)

    A.    Collector Builder
    B.    Import from remedy
    C.    Subscription Service
    D.    Import Solution Pack
    E.    Event Source Manager

    Answer: ABE

    If you want to pass NOVELL 050-728 successfully, do not miss reading the latest Lead2pass NOVELL 050-728 practice tests.
    If you can master all Lead2pass questions you will be able to pass, 100% guaranteed.

    http://www.lead2pass.com/050-728.html

  • Passed NOVELL 050-728 Exam with Pass4sure and Lead2pass PDF & VCE (21-30)

    QUESTION 21
    Which Sentinel objects can be imported into the Sentinel Control Center interface? (Choose 2)

    A.    Users
    B.    Global filters
    C.    Active views
    D.    Solution packs
    E.    iTRAC Workflow
    F.    Correlation rules

    Answer: CF
    Explanation:
    C: After creating an Activity, you can modify, import or export it.
    To import an Activity:
    1 Click iTRAC tab.
    2 In the Navigator, click iTRAC Administration > Activity Manager.
    3 Click Import/Export Activity icon. Import/Export Wizard window displays.
    4 Select Import Activity and click Explore.
    5 Navigate to your import file. Click Import.
    6 Click Next. You will see a list of activities that are imported.
    7 Click Next and click Finish.
    F: To Import a Correlation Rule:
    1 Open the Correlation Rules Manager window and click Import/Export Correlation Rule icon.
    Etc.

    QUESTION 22
    The Sentinel Correlation Engine architecture is made up of which components? (Choose 2)

    A.    DAS Query
    B.    Active views
    C.    Input manager
    D.    Action Manager
    E.    Solution Pack Controls

    Answer: AB
    Explanation:
    Note:
    * Sentinel Server Architecture
    * A Sentinel Server is made up of the following components:
    / Communication Server
    / Correlation Engine
    / DAS
    / Collector Manager
    Any combination of the above components can be installed in a particular Sentinel Server.
    * DAS_Query performs general Sentinel Service operations, including Login and Historical Query.

    QUESTION 23
    Which actions are applicable as an iTRAC step? (Choose 4)

    A.    Mail Step
    B.    Logic Step
    C.    Manual Step
    D.    DropList Step
    E.    Decision step
    F.    Command step
    G.    UpdateList Step
    H.    Batch process Step

    Answer: ACEF
    Explanation:
    Steps are the basic components of a Template. Every Template must have a Start Step and an End
    Step. The Start Step exists by default. You can also add the following types of Steps to a Template:
    Mail Step
    Manual Step
    Decision Step
    Command Step
    Activity Step
    End Step

    QUESTION 24
    Which operators can only be used with the Custom/Freeform option in the Correlation Wizard? (Choose 3)

    A.    Flow
    B.    Gate()
    C.    Filter()
    D.    IsNull()
    E.    InList()
    F.    Window()
    G.    Sequence()
    H.    Match subnet

    Answer: DEH
    Explanation:
    * Freeform rules are the only way to include certain functionality in a correlation rule. Freeform rules give you the ability to do the following:
    / Nest operations using parentheses (to specify order of operations)
    / (E) Use the inlist operator to refer to a dynamic list
    / (D) Use the isnull operator to refer to unpopulated fields
    / Use the w. prefix for a field name in the window operation to compare an incoming event’s value to a set of previous events
    * The match subnet operator can be used to build a condition where the value of a metatag matches a user-specified subnet specified in the rule in CIDR notation. This operator is used only for IP address fields.
    Example:
    filter(e.DestinationIP match subnet (10.0.0.1/22))
    Note:
    * The Sentinel Correlation Engine runs rules that are written in the Correlation RuleLg language.
    Rules are created in the Sentinel Control Center. Users can create rules using a wizard for the
    following rule types:
    / Simple Rule
    / Composite Rule
    / Aggregate Rule
    / (not G) Sequence Rule
    These rules are converted to the Correlation RuleLg language when the rules are saved. The same rule types, plus even more complex rules, can be created in the Sentinel Control Center using the Custom/Freeform option. To use the Custom/Freeform option, the user must have a good understanding of the Correlation RuleLg language.

    QUESTION 25
    What does a red line indicate in the tabular part of an active view?

    A.    A severe event occurred
    B.    A collector error occurred
    C.    Data was dropped by Sentinel
    D.    More events were received than could be displayed

    Answer: D

    QUESTION 26
    Which statement is true regarding roles used by iTRAC?

    A.    Users can be made a member of only one role
    B.    Users can be members of multiple roles at any one time
    C.    Users can be a member of one member role and many secondary roles
    D.    When a user is created, a new role is created for that user and the user may then be added to additional roles

    Answer: B

    QUESTION 27
    You create and deploy a correlation rule with a Create incident action that also indicates an iTRAC workflow. After having the rule on for an hour, you find that the system has created several hundred workflow processes. What steps can you take to address this problem? (Choose 2)

    A.    Change the iTRAC settings in the configuration xml file
    B.    Configure the Data retention field in the Sentinel Data Manager
    C.    Set the maximum incidents setting to 10 in the correlation action definition
    D.    Adjust the definition of the rule so the threshold for triggering an event is higher
    E.    Change the Update Criteria to "do not perform actions every time this rule fires" for the next 1 hour

    Answer: AC

    QUESTION 28
    Which Incident field provides a GUI option to configure the items in the drop-down list?

    A.    State
    B.    Priority
    C.    Severity
    D.    Category
    E.    Originator

    Answer: B

    QUESTION 29
    When using the Correlation Rule Wizard, which option would you select to create the RuleLG filter (e.rv32=*FW* and e.Severity = 3)?

    A.    Simple
    B.    Sequence
    C.    Aggregate
    D.    Composite

    Answer: D

    QUESTION 30
    What happens when a user accepts a worklist item assigned to an iTRAC role?

    A.    The administrator receives an email notification
    B.    The user’s profile information is attached to the incident
    C.    An assignment is made in the USERS table of the database
    D.    The worklist item is removed from the worklist for the other users in that role

    Answer: D


  • Passed NOVELL 050-728 Exam with Pass4sure and Lead2pass PDF & VCE (11-20)

    QUESTION 11
    Which are standard methods in creating Incidents? (Choose 3)

    A.    Create an incident from a dynamic list
    B.    Start an iTRAC process with an import events step.
    C.    Create an empty incident and populate it with events
    D.    Generate a Crystal Report and click the create Incident link.
    E.    Use custom filter scripts to configure collectors to create an incident
    F.    Select events from within an active view and add to an existing incident
    G.    Associate a preconfigured correlation action to create an incident when a rule fires

    Answer: CFG
    Explanation:
    C: To create an Incident:
    / Click Incidents > Create Incident, or click Create Incident button on the Tool Bar. The New Incident window displays.
    Etc.
    F: In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an
    event or a group of events and right-click and select Create Incident.
    G: Create Incident
    Figure, Configure Action- Create Incident

    This type of action can only be used in Correlation deployments

    QUESTION 12
    Which methods do the Collector Managers use to connect to the iScale Message Bus? (Choose 2)

    A.    FTP
    B.    SNMP
    C.    Proxy
    D.    Direct
    E.    Advanced script

    Answer: CD
    Explanation:
    There are two communication options available when installing the Collector Manager:
    * Connect directly to the message bus (default)
    * Connect to the message bus through the proxy.

    QUESTION 13
    You have modified your Collectors so they put Department in a custom variable (CV68). When you open an Active View, the column is still labeled CV66. Which menu option would you use to change the column label to Department?

    A.    Active view > properties
    B.    Admin > event Configuration
    C.    Active views > Event Management
    D.    Event Source management > Columns

    Answer: D

    QUESTION 14
    Which feature allows you to dynamically filter and drill down in a set of historical events?

    A.    Raw Data Tap
    B.    Active Browser
    C.    Historical Event Query
    D.    Crystal Reports on Analysis tab

    Answer: C

    QUESTION 15
    Which compatible variable types are used in iTRAC templates? (Choose 3)

    A.    Byte
    B.    Word
    C.    Class
    D.    Char
    E.    String
    F.    Integer
    G.    Boolean

    Answer: EFG
    Explanation:
    Variables
    The user can also be asked to set one or more variables to appropriate values. Four variable types
    can be assigned to manual steps: (1) Integer, (2) Boolean, (3) String and (4) Float.

    QUESTION 16
    Which of the following RuleLG commands acts as an AND function?

    A.    Flow
    B.    Union()
    C.    Sequence()
    D.    Intersection()

    Answer: D

    QUESTION 17
    Active views can be viewed by which chart types? (Choose 2)

    A.    Ribbon
    B.    Public: All
    C.    Virtual mode
    D.    Severity Level
    E.    Stacked Bar 2D

    Answer: AE
    Explanation: Under the Chart Types tab, you can set your chart to Stacked Bar 2D, Bar 3D, Line or Ribbon.

    QUESTION 18
    Which statement is true regarding Transactions?

    A.    A transaction does not support timeouts.
    B.    A transaction connects two steps in workflow template
    C.    A transaction imports additional events into an iTRAC process
    D.    A transaction modifies the template at the beginning or end of the process

    Answer: AC

    QUESTION 19
    You have created a custom .csv file to match IP addresses in your network to Department Name and Point of Contact. Which tools do you need to use in order to include Department Name and Point of Contact in the incoming event stream from the Collectors? (Choose 2)

    A.    Filter Manager
    B.    Correlation Engine
    C.    Event configuration
    D.    Mapping configuration
    E.    Event Source Management

    Answer: CD
    Explanation:
    C: Event Configuration includes Event Mapping.
    D: Event Mapping is a mechanism that allows you to add data to an event by using data already in the event to reference and pull in data from an outside source.
    Note:
    * A map is a collection of values and keys defined in a CSV or text file. You can enrich your data by using maps. With the help of maps you can add additional information to the incoming events from your source device.
    * Sentinel injects business-relevant contextual data directly into the event stream. It includes up to 135 customizable fields where users can add in asset specific information such as business unit, owner, asset value, geography. After this information is added into the system, all other components can take advantage of the additional context.
    * The Collectors parse the data and deliver a richer event stream by injecting taxonomy, exploit
    detection and business relevance into the data stream before events are correlated and analyzed and sent to the database.
    Incorrect:
    Not B: The Correlation Engine (correlation_engine) process receives events from the Collector Manager
    and publishes correlated events based on user-defined correlation rules.

    QUESTION 20
    You want to create a correlation action that executes a JavaScript action. Which option should you choose?

    A.    Create java
    B.    Create Incident
    C.    Execute a Script
    D.    Execute a command

    Answer: D


  • Passed NOVELL 050-728 Exam with Pass4sure and Lead2pass PDF & VCE (1-10)

    QUESTION 1
    To achieve better system performance and scalability with regard to event collection and processing, which Sentinel components can you install multiple instances of? (Choose 2)

    A.    Reporting server
    B.    Solution Designer
    C.    Collection Manager
    D.    Correlation engine
    E.    Sentinel Control centre

    Answer: CD
    Explanation:
    At most one Communication Server and DAS component can be installed across all
    Sentinel Servers in a distributed Sentinel installation. On the other hand, multiple instances of
    Correlation Engine and Collector Managers are allowed.

    QUESTION 2
    Which actions does the right-click option on events within an Active View allow an Administrator to perform? (Choose 3)

    A.    Email
    B.    Create Incident
    C.    Add to Incident
    D.    Connect to advisor
    E.    Display DAS statistics
    F.    Create iTRAC template

    Answer: ABC
    Explanation:
    A: To send an event message by e-mail:
    In a Real Time Event Table, select an event or a group of events, right-click and select Email.
    B: To create an incident:
    In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an
    event or a group of events and right-click and select Create Incident.
    C: To add events to an incident:
    In a Real Time Event Table or a Snapshot, select an event or a group of events and right-click.
    Click Add To Incident.

    QUESTION 3
    What compliance and regulatory Solution Pack is the first one offered for sale by Novell?

    A.    Sarbanes-Oxley
    B.    GLBA (Gramm-Leach-Bliley Act)
    C.    PCI-DSS(Payment Card Industry)
    D.    HIPAA (Health Insurance Portability and Accountability Act)

    Answer: D

    QUESTION 4
    Which RuleLG operation compares the current event to a set of past events that are stored in temporary memory?

    A.    Flow
    B.    Filter()
    C.    Trigger()
    D.    Window

    Answer: D

    QUESTION 5
    You want to configure a menu action to execute a script against an event on an Active View. Where do you need to store the script?

    A.    The exec directory of the Sentinel Communication Server
    B.    The config directory of Sentinel Communication Server
    C.    The exec directory of every Sentinel control centre machine
    D.    The script directory of every Sentinel control centre machine

    Answer: C

    QUESTION 6
    Which component is used to communicate with the Sentinel database?

    A.    iScale
    B.    DAS RT
    C.    DAS PROXY
    D.    DAS binary

    Answer: C

    QUESTION 7
    Which attributes influence when an element is removed from a Dynamic List? (Choose 3)

    A.    Database capacity
    B.    Element life span
    C.    Maximum number of elements
    D.    Persistent/transient setting
    E.    Sentinel data manager scheduling
    F.    Amount of memory on iScale message Bus
    G.    Number of correlation rules that are deployed

    Answer: BCD
    Explanation:
    There are several ways an element can be removed from a Dynamic List:
    / A user can remove it manually
    / The element can be removed by a correlation rule action
    / (BD) The transient element’s life span can expire
    / (C) If the maximum number of elements for a Dynamic List is reached, elements are removed from the list to keep the list at or below the maximum list size. The transient elements are removed (from oldest to newest) before any persistent elements are removed.

    QUESTION 8
    Which functions are performed using the Sentinel Data Manager? (Choose 2)

    A.    User creation
    B.    Manual archiving
    C.    Database creation
    D.    Raw Event Storage
    E.    Re-import partitions
    F.    Correlation rule Management

    Answer: BE
    Explanation:
    Sentinel Data Manager (SDM) allows you to manage the Sentinel Database. You can perform the following operations in the SDM:
    * Monitor Database Space Utilization
    * (E) View and Manage Database Partitions
    * (B) Manage Database Archives
    * Import Data into the Database

    QUESTION 9
    Which Sentinel objects can contain one or more events? (Choose 2)

    A.    Ticket
    B.    Incident
    C.    Collector
    D.    Integrator
    E.    Correlation event

    Answer: BC
    Explanation:
    B: An incident is a set of events that require attention (for example, a possible attack).
    C: The real-time attacks that are generated as events are loaded into the Sentinel database by using the intrusion detection system or vulnerability type Collectors.

    QUESTION 10
    Which source can Sentinel 8 use for incorporating referential data?

    A.    Local csv file
    B.    Persistent lists
    C.    Correlation engine
    D.    Events table in the database

    Answer: D
