HP Related Exams
HPE2-W05 Exam

While investigating alerts you notice a user entity has triggered a historical alert for Large Internal Data
Download. While investigating the alert, you notice that the download came from a different device than normalfor the user. Based on these conditions, is this a possible cause? (This is a classic user account take overpattern.)
While looking in the IntroSpect Analyzer Conversations screen you see there are a large number of DNS sessions coming from one IP address on the data center network VLAN. Would this be a logical next step? (The device at the IP address could be infected with malware seeking Command and Control. You should audit the device.)
While troubleshooting integration between ClearPass and IntroSpect, you notice that there are no log events for either THROUGHPUT or ERROR in the ClearPass log source on the IntroSpect Analyzer. You are planning your troubleshooting actions.
Is this something you should check? (Check the authentication service being used in ClearPass for the Login – Logout enforcement policy.)