RSA 050-11-carsanwln01 practice test

RSA NetWitness Logs & Network Administrator Exam


Question 1

What is the main purpose of creating a meta group?

  • A. Isolate log data
  • B. Perform Visualization analysis
  • C. Eliminate unneeded keys
  • D. Increase the amount of data available for analysis
Answer:

C


Question 2

What are the pre-configured roles in RSA NetWitness?

  • A. EVENT_ANALYST, INTRUSION_ANALYST SOC-MANAGER, ADMIN, OPERATOR, RESPOND_ADMINISTRATOR
  • B. EVENT_STREAM_ANALYST WAREHOUSE_ANALYST, ARCHIVER_ANALYST, DB_ANALYST ADMINISTRATOR
  • C. MALWARE_ANALYST, ESA_ANALYST, REPORT_ANALYST ADMINISTRATOR
  • D. ADMINISTRATORS, OPERATORS, ANALYSTS SOC_MANAGERS, MALWARE_ANALYSTS, DATA_PRIVACY_OFFICERS, RESPOND ADMINISTRATOR
Answer:

D


Question 3

Which of the following can NOT be configured as a data source for the Reporting Engine?

  • A. Broker
  • B. Concentrator
  • C. Archiver
  • D. ESA
Answer:

D


Question 4

Which of the following is a valid data source for Respond Alerts?

  • A. Live Feeds
  • B. Application Rules
  • C. Network Rules
  • D. Reporting Engine
Answer:

D


Question 5

RSA NetWitness services implement what type of access control?

  • A. Role-based
  • B. Digital Certificate-based
  • C. Access Control List (ACL)
  • D. Discretionary Access Control (DAC)
Answer:

A


Question 6

Which of the following are valid sources for the Context Hub? (Choose two)

  • A. RSA Endpoint
  • B. Respond Server
  • C. Health and Wellness module
  • D. Web Threat Detection
  • E. Reporting Engine
Answer:

A, B


Question 7

Which output actions are available when creating Reporting Engine alerts?

  • A. OSX, ODBC, Syslog
  • B. ODBC, SQL, Syslog, SMTP, URL, NetworkShare
  • C. SNMP, SMTP, Syslog, SFTP, URL, NetworkShare
  • D. SNMP, ODBC, Syslog, FTP
Answer:

C


Question 8

To report on matches in the NWDB against a series of fixed values, include which feature in your report definition?

  • A. An Application Rule
  • B. A List
  • C. An Enrichment Source
  • D. A Subscription
Answer:

B


Question 9

If you choose "Stop Rule Processing" in your Application Rule definition, which of the following are action choices? (Choose three)

  • A. Keep
  • B. Filter
  • C. Truncate
  • D. Index
  • E. Transient
  • F. Remove

Answer:

ABC
//community.rsa.com/docs/DOC-42041


Question 10

In RSA NetWitness, viewing text or image data associated with a session is accessed through a

  • A. packet level drill
  • B. meta value view
  • C. session reconstruction view
  • D. decoder analysis view
Answer:

C
