Exam ID HP0-M68
Exam type Proctored exam taken at dedicated testing center
Exam duration 1 hour 40 minutes
Exam length 60 questions
Passing score 65%
Delivery languages English
Related Certifications
Supporting courses These recommended courses help you prepare for the exam
Additional study materials

Register for this Exam

You will need an HP Learner ID and a Pearson VUE login and password.

During the exam, you can make specific comments about the exam and items. HP welcomes these comments as part of our continuous improvement process.
No online or hard copy reference material will be allowed at the testing site. This exam may contain beta test items for experimental purposes.

Exam description

This exam tests your skills related with administration tasks in security environments of an ArcSight ESM implementation, such as ESM user management, SSL certificate administration and data backups.

Who should take this exam?

Beyond product specific knowledge, you should have broad technical knowledge of a number of security technologies and a solid understanding of information and networking security. This exam is intended for any system administrator that will be responsible for administering some aspect of an ArcSight ESM implementation. You are expected to have completed the suggested ArcSight ESM Administrator training or equivalent self directed study and have six months of production level experience performing administrative tasks within ArcSight ESM.

Exam contents

This exam has 60 questions. Here are types of questions to expect:
  • Multiple choice (multiple responses)
  • Multiple choice (single response)

Tips for taking this exam

This exam will be presented in a single block. You can move from question to question within the block, to skip questions or to change your answers, or both. Once you submit your answers for the block, you cannot return to it to review questions or change your answers.

Take the time to read the entire question and consider all of the options carefully before you answer. If the question indicates that it features an exhibit, study the exhibit and reread the question. Make sure to select the answer that correctly responds to the question that is asked — not simply an answer that includes some correct information. If the question asks for more than one answer, remember to select each correct answer. You will not receive partial credit for a partially correct answer.

Objectives

This exam validates that you can successfully perform the following:
12%

Manage an ArcSight ESM Implementation

  • Identify functions of ArcSight ESM components and relationships among different components.
  • Perform steps to verify status and restart component services.

10%

ArcSight Connector Basics

  • Identify types of ArcSight Connectors and connector capabilities.
  • Identify ArcSight Connector installation steps and configuration options.
  • Identify ArcSight Connector upgrade steps and connectivity options.

7%

Storage and Retention Policies

  • Identify primary types of storage in ESM.
  • Identify key components of Event storage area.
  • Understand retention periods and describe time- and space- based Event storage retention.
  • Describe active and archived retention periods and configure archiving.

5%

ArcSight Console

  • Configure Console preferences.
  • Navigate within ESM resources.

5%

Web Management Console

  • Identify TCP port required by Web Management Console.
  • Manage users and groups using Web Management Console.
  • Manage CORR-Engine using Web Management Console.

2%

Back up ArcSight ESM

  • Identify files/folders that need to be backed up.

6%

ESM Authentication

  • Identify ESM Authentication mechanisms.
  • Understand ESM Authentication guidelines.

20%

Administer ArcSight ESM

  • Create a user and manage user group permissions using ACLs.
  • Understand and configure notifications.
  • Describe Network and Asset Model resources.
  • Identify uses of SSL technology in ArcSight ESM and describe SSL setup options.
  • Identify functions of ArcSight Packages.
  • Create a package and export the package to a bundle.

10%

Stock Content Dashboards

  • Identify stock content dashboards for managing ESM vital functions.
  • Identify stock content dashboards for monitoring system health.

12%

Manage Connectors

  • Monitor connector status.
  • Identify operation commands.
  • Identify connectors' Dashboards
  • Understand the process of exporting and importing connector configurations.
  • Understand connector upgrades, rollback and advanced connector options.

5%

Event Management Tasks

  • Identify turbo mode options.
  • Understand Event Field data mapping.
  • Describe necessary steps to fix events that are either parsed or categorized incorrectly.

6%

Troubleshoot ArcSight ESM

  • Collect ESM logs, thread dumps and system tables’ dumps.
  • Configure Send Logs utility.