Passed NOVELL 050-728 Exam with Pass4sure and Lead2pass PDF & VCE (31-40)
QUESTION 31
Which filter will display all events of severity 3 and 4 with an operating system of Windows?
A. Filter(e.severity = 3 or e.severity = 4 and e.rv31 = “windows”)
B. Filter(e.severity = 3 and e.severity = 4 and e.rv31 = “windows”)
C. Filter(e.rv31 = “windows” or (e.severity = 3 or severity = 4))
D. Filter(e.rv31 = “windows” and (e.severity = 3 or severity = 4))
Answer: C
QUESTION 32
Which Sentinel component can run only on the Windows platform?
A. Collector Builder
B. Correlation engine
C. Sentinel Data Manager
D. Sentinel Control Center
Answer: A
QUESTION 33
You want to create a correlation that refers to a dynamic list naming your administrative resources. Which option should you choose in the Correlation Wizard to complete the rule?
A. Sequence
B. Composite
C. Aggregate
D. Custom/Freeform
Answer: B
QUESTION 34
What is one purpose of using Taxonomy?
A. Simplify filtering
B. Define user roles
C. Maintain active view data
D. Transform data between events
Answer: A
QUESTION 35
Which statements about right-click actions are true? (Choose 2)
A. You can mail iTRAC incident response history
B. You can pass global filter settings to a script
C. You can pass a Source IP address to a script
D. You can dynamically create a correlation rule
E. You can pass a Destination User Name to a URL
Answer: AD
Explanation:
A: To send an event message by e-mail:
In a Real Time Event Table, select an event or a group of events, right-click and select Email.
D: In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an event or a group of events and right-click and select Create Incident.
QUESTION 36
When is Referential data added?
A. In active views
B. At the correlation engine
C. After it enters the database
D. Before it enters the message bus
Answer: C
QUESTION 37
Which component is used to edit Collectors written in Novell’s proprietary collector language?
A. Collector Builder
B. Solution Manager
C. Collector Manager
D. Event Source Manager
Answer: A
QUESTION 38
Which protocol or service does the Control Center use to access the reporting engine?
A. HTTP
B. ODBC
C. DAS_PROXY
D. DAS-QUERY
E. DAS-BINARY
Answer: A
QUESTION 39
Which correlation rule executes when an IDS event sourceIP matches a sourceIP from a past Firewall event in the last 60 seconds?
A. Filter(e.RV32=”IDS”) flow window(e.sip = w.sip, filter(e.RV32=”FW), 60)
B. Filter(e.RV32=”IDS” or e.RV32=”FW”) flow trigger(60,2,discriminator(e.sip))
C. Sequence(filter(e.RV32=”IDS” and e.sip match Subnet (192.168.255.100)), filter (e.RV32=”FW” and e.sip match Subnet (192.168.255.90))
D. Filter(e.RV32 = “IDS” and e.sip match subnet(192.168.1.1)) union filter(e.RV = “FW” and e.Sip match subnet(192.168.255.90))
Answer: A
QUESTION 40
How can correlation rules be added to Sentinel? (Choose 3)
A. Collector Builder
B. Import from remedy
C. Subscription Service
D. Import Solution Pack
E. Event Source Manager
Answer: ABE