|| Proctored exam taken at dedicated testing center
||1 hour 55 minutes
These recommended courses help you prepare for the exam
|Additional study materials
ArcSight Essentials course
ArcSight ESM Administrator course
ArcSight Connector Appliance Administration course
ArcSight Logger Administration and Operations course
ArcSight Express with CORR Engine (No Oracle DB) course
Register for this Exam
You will need an HP Learner ID
and a Pearson VUE login and password.
During the exam, you can make specific comments about the exam and items. HP welcomes these comments as part of our continuous improvement process.
No online or hard copy reference material will be allowed at the testing site. This exam may contain beta test items for experimental purposes.
This exam tests your ability to present and demonstrate HP ArcSight ESM, HP ArcSight Logger, HP ArcSight Express, HP ArcSight solutions, HP ArcSight connectors and appliances, architecture and sizing, and Proof of Concept process.
Who should take this exam?
The exam is for Presales Professionals who will work with Sales Personnel to provide product, business and technical knowledge in support of pre-sales activities, and will be concerned with key customer-facing technical activities at this stage.
This exam has 62 questions.
Here are types of questions to expect:
- Multiple choice (multiple responses)
- Multiple choice (single response)
Tips for taking this exam
You are not required to take the recommended supporting courses and completion of training does not guarantee that you will pass the exam. HP strongly recommends a combination of training, thorough review of courseware and additional study references, and sufficient on the job experience prior to taking the exam.
This exam validates that you can successfully perform the following:
- Identify ArcSight benefits.
- Describe HP ArcSight Logger .
- Describe HP Express.
- Identify HP ArcSight use cases.
Presenting and Demonstrating HP ArcSight ESM
- Describe ArcSight ESM features.
- Identify how ESM tools can be implemented.
- Describe the HP ArcSight ESM architecture.
- Identify ESM tasks.
- Identify benefits of profiling.
- Identify benefits of case management.
- Identify top competitors.
- Identify information to demo for Express.
- Identify information to demo for Logger.
- Identify selling points against IBM\Q1.
- Identify selling points against RSA envision.
Presenting and Demonstrating HP ArcSight Logger
- Identify the ArcSight Logger benefits.
- Describe what questions a log management system should answer.
- Identify ArcSight Logger features and deployment.
- Identify tradeoffs in log management tools.
- Identify advantages of data types.
- Describe data handling during a network outage.
- Identify ArcSight Logger storage architecture features.
- Identify how ArcSight Logger can scale.
- Identify additional solutions.
- Identify ArcSight Logger deployment options.
- Identify ArcSight Logger small business options.
- Identify ArcSight Logger reporting.
Presenting and Demonstrating HP ArcSight Express
- Compare ArcSight ESM and Express.
- Identify features of CORR Engine.
- Identify new features in Express 3.0.
- Identify the Express architecture.
- Identify how Connectors work.
- Understand dual event feed from Logger > Express/ESM.
- Describe Express detection.
- Identify Express correlation features.
- Identify Express out-of-the box use cases.
- Identify ThreatDetector.
- Identify Express compliance benefits.
- Identify CIP.
Presenting and Demonstrating HP ArcSight Solutions
- Identify the HP ESP platform that provides a consolidated security view.
- Identify products associated with the HP Security platform.
Presenting and Demonstrating HP ArcSight Connectors and Appliances
- Identify out of box connectors.
- Describe FlexConnectors.
- Describe normalization.
- Describe categorization.
- Describe filtering and aggregation.
- Describe how SmartConnectors secure communication.
- Describe log traffic management.
- Describe how to update Connectors.
- Identify Connectors features.
Architecture and Sizing
- Identify the basic Connector to both Logger + ESM architecture.
- Identify the transport methods for various architectures.
- Describe how to identify insider threats.
- Identify architecture for PCI requirements.
- Demonstrate knowledge of available sizing calculators.
- Describe top-down sizing approach considerations.
- Identify information to obtain from the Account Representative.
- Identify the dimensioning criteria.
- Demonstrate knowledge of pricing for appliances.
- Demonstrate knowledge of pricing for software.
Proof of Concept Process
- Understand Proof of Concept process.
- Describe Proof of Concept steps.
- Identify which technical requirements should be considered before a POC.
- Understand the POC schedule.
- Identify technical checks before a POC.
- Identify POC tasks.
- Identify Logger evaluation and steps.
- Identify POC Logger functions.
- Identify Express functions during the POC.
- Identify steps to locate malicious content.
- Identify steps to show POC success.
- Identify content in POC scoping document.