RSA 050-11-CARSANWLN01 Dumps

RSA NetWitness Logs & Network Administrator Exam Questions and Answers

Question 1

In order to run Reports against data stored on the Archiver you must

Options:

A. restore data from cold storage to any hot storage device
B. restore the Archiver data to any Concentrator
C. add the Archiver to the Reporting Engine's list of configured data sources
D. add the Archiver to the Concentrator's list of configured data sources

Question 2

When storage on the core devices fills to capacity, what happens?

Options:

A. new traffic cannot be ingested
B. the decoder leverages capacity in the concentrator, and collection continues
C. the decoder leverages capacity in the broker, and collection continues
D. the oldest stored sessions are deleted and collection continues

Question 3

To create meta keys that will appear in the Investigation view, you would most commonly edit configuration files on the

Options:

A. Packet Decoder
B. Concentrator
C. Broker
D. Log Decoder

Question 4

Which of the following components can be used to set up external authentication for RSA NetWitness?

Options:

A. AAoP
B. Broker
C. Spectrum
D. PAM

Question 5

The Context Hub runs as a service on which Host?

Options:

A. Decoder
B. Concentrator
C. ESA
D. Server

Question 6

Which of the following statements is true regarding Packet-based analysis in general?

Options:

A. Packet-based analysis is required for viewing log and session data
B. Packet-based analysis is based on metadata capture reduced to packets
C. Packet-based analysis can be accomplished with common tools such as Wireshark
D. Packet-based analysis is accomplished using the table-map xml file

Question 7

Service Groups are used primarily for

Options:

A. grouping metadata from specified hosts
B. deploying Live resources to specified services
C. grouping hosts for batch configuration
D. grouping hosts for monitoring performance in the Health and Wellness view

Question 8

Which of the following are valid sources for the Context Hub? (Choose two)

Options:

A. RSA Endpoint
B. Respond Server
C. Health and Wellness module
D. Web Threat Detection
E. Reporting Engine

Question 9

Under the NetWitness Trust Model, in order to log in to multiple services a user need only have an account on which device?

Options:

A. Concentrator
B. Packet Decoder
C. NetWitness Server
D. Windows Domain Controller

Question 10

To automate incident creation of alerts in the Respond interface, create

Options:

A. ESA Rules
B. Respond Rules
C. Incident Rules
D. Reporting Rules