
RSA 050-11-CARSANWLN01 - RSA NetWitness Logs & Network Administrator Exam

Total 71 questions

Service Groups are used primarily for

A. grouping metadata from specified hosts
B. deploying Live resources to specified services
C. grouping hosts for batch configuration
D. grouping hosts for monitoring performance in the Health and Wellness view

To automate incident creation of alerts in the Respond interface, create

A. ESA Rules
B. Respond Rules
C. Incident Rules
D. Reporting Rules

Which of the following statements is true regarding Packet-based analysis in general?

A. Packet-based analysis is required for viewing log and session data
B. Packet-based analysis is based on metadata capture reduced to packets
C. Packet-based analysis can be accomplished with common tools such as Wireshark
D. Packet-based analysis is accomplished using the table-map xml file

Which of the following is the basic building block of a report in RSA NetWitness?

A. Rule
B. Broker
C. Packet
D. Session

You configure an email server for notifications for everything except the Reporting Engine in:

A. ADMIN > System > Global Auditing
B. ADMIN > System > Legacy Notifications
C. ADMIN > System > Email
D. ADMIN > System > Global Notifications

What happens when you set the metadata associated with a parser to Transients?

A. Transient means the Decoder is using the parser to parse traffic, and the generated metadata is not stored on disk
B. Transient means the Decoder is using the parser to parse traffic, and the generated metadata is retained on disk for 24 hours
C. Transient means the Decoder is using the parser only to filter out data, not to generate metadata
D. Transient means the Decoder is using the parser only for ESA

Logging in to NetWitness via RAM requires which of the following to succeed?

A. PAM User Authentication
B. NSS Group Authentication
C. PAM User Authentication and Group Mapping
D. Kerberos Authentication

To allow for automatic email notification when your reports have run: (Choose two)

A. create a Report Rule
B. enable email notification in the Report rule
C. enable email notification in the Report Schedule view
D. create an output action in the Reporting Engine configuration
E. add the mail server as a data source to the Reporting Engine

What is the main purpose of creating a meta group?

A. Isolate log data
B. Perform Visualization analysis
C. Eliminate unneeded keys
D. Increase the amount of data available for analysis

Under the NetWitness Trust Model, in order to log in to multiple services a user need only have an account on which device?

A. Concentrator
B. Packet Decoder
C. NetWitness Server
D. Windows Domain Controller