Interview questions for ArcSight
I am about to give an interview for ArcSight administrator position. I have implemented RSA SIEM tools and created content in ArcSight. But not really experienced on administration and deployment part of ArcSight.
Can anyone share some commonly asked questions relating to ArcSight deployment and administration? Even general questions are welcome.
You can ask about:
- Supported platforms for the ESM ArcSight (very limited number)
- Typical requirement for resources (CPU, RAM) for "heavy" and "light" deployments
- Bringing Connectors to the ESM: standalone Smart Connectors, ConnApps, Loggers.
II. Day-to-Day user administration
- Users administration (creation, removal)
- Users' permissions
- Gathering logs (their locations) at a ESM server (ESM Manager, Smart Connectors)
- Start/stop/restart of ESM services
- Archives setup and monitoring
IV. Content administration - is more related for a "Content authoring" (all types of resources, packages).