Black Friday Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia
  1. Home
  2. RSA
  3. NetWitness Platform
  4. 050-11-CARSANWLN01
  5. RSA NetWitness Logs & Network Administrator Exam Questions and Answers

050-11-CARSANWLN01 Sample Questions Answers

Questions 4

Which RSA NetWitness host provides the web server for reporting investigation, administration, and other aspects of the user interface?

Options:

A.

NetWitness Server

B.

Concentrator

C.

Decoder

D.

Broker

Buy Now
Questions 5

The logical operators available for Querying in Investigations depend on the Index Level of the individual meta key Which Index Level limits your query to the logical operators "exists'' and 'texists""?

Options:

A.

IndexNone

B.

IndexKeys

C.

IndexValues

D.

IndexAII

Buy Now
Questions 6

To run a report you need to create which of the following?

Options:

A.

View

B.

Alert

C.

Report rule

D.

Schedule

Buy Now
Questions 7

What are the two basic operations you might perform to make use of a Live resource?

Options:

A.

move and copy

B.

download and enable

C.

save and apply

D.

subscribe and deploy

Buy Now
Questions 8

Parsers can be enabled on which of the following?

Options:

A.

Packet Decoder only

B.

Packet Decoder and Log Decoder

C.

Packet Decoder and Log Decoder and Concentrator

D.

Packet Decoder and Log Decoder and Concentrator and Broker

Buy Now
Questions 9

What types of data can the Archiver store?

Options:

A.

Raw Log only

B.

Raw Log and Log Meta

C.

Raw Log, Log Meta. Packet Meta

D.

Raw Log. Log Meta. Raw Packet. Packet Meta

Buy Now
Questions 10

Which RSA NetWitness component indexes metadata extracted from network or log data and makes it available for querying?

Options:

A.

Broker

B.

Informer

C.

Spectrum

D.

Concentrator

Buy Now
Questions 11

What is the definition of an RSA NetWitness ad hoc feed?

Options:

A.

A feed that is deployed one time on one or more Decoders

B.

A feed that is deployed once on three or more Decoders

C.

A feed that is deployed on no more than three Decoders once

D.

A feed that is deployed on one or more Decoders at least three times

Buy Now
Questions 12

When NetWitness receives a log from an event source that does not currently exist in the Admin. Event Sources list, what does it do?

Options:

A.

Writes the log to the Archiver but not the Decoder

B.

Parses the log to the Decoder, but in transient mode only

C.

Adds the new Event Source to the existing list of Event Sources

D.

Ignores the log altogether

Buy Now
Questions 13

Which of the following is the basic building block of a report in RSA NetWitness?

Options:

A.

Rule

B.

Broker

C.

Packet

D.

Session

Buy Now
Questions 14

To enable reporting alerts to be sent to the Respond interface, you would

Options:

A.

set up an output action in the Report Engine configuration

B.

change the capture interface in Reporting sources

C.

configure forwarding of alerts in the Reporting Engine configuration

D.

set up an output action in a Report

Buy Now
Questions 15

Which of the following actions can a Network Rule NOT perform?

Options:

A.

Filter

B.

Truncate

C.

Alert

D.

Forward

Buy Now
Questions 16

Which statement about Health and Wellness Alarm Suppression is false?

Options:

A.

Suppression schedules can be defined for individual rules

B.

Suppression schedules can be defined for entire policies

C.

Suppression schedules can be applied to out-of-the-box policies

D.

Multiple suppression schedules can be defined

Buy Now
Questions 17

In what order are filters evaluated as data flows through the Decoder?

Options:

A.

Feeds. Network Rules. LUA Parsers. Application Rules. BPF

B.

Feeds. Network Rules. BPF. Application Rules, LUA Parsers

C.

Network Rules. Feeds. Application Rules. BPF, LUA Parsers

D.

BPF. Network Rules. LUA Parsers. Feeds. Application Rules

Buy Now
Questions 18

Which of the following choices is defined as being a delineated set of network data units that comprise a transaction from start to finish'?

Options:

A.

Frame

B.

Packet

C.

Session

D.

Token

Buy Now
Questions 19

Which CLI command would have the effect of starting the Ul Web Server in NetWitness 11?

Options:

A.

start —s nwappliance

B.

systemctl start saserver service

C.

systemctl start jetty service

D.

systemctl start -s saserver

Buy Now
Questions 20

Where do you reset the password for an admin user?

Options:

A.

ADMIN > System > Updates > Reset Password

B.

ADMIN > Security > Settings > Reset Password

C.

ADMIN > Security > Users > Reset Password

D.

ADMIN > System > Reset Password

Buy Now
Questions 21

Which of the following rule types relies on two or more events occurring within a specified window of time?

Options:

A.

Network Rule

B.

Application Rule

C.

Correlation Rule

D.

BPF Filter Rule

Buy Now
Exam Code: 050-11-CARSANWLN01
Exam Name: RSA NetWitness Logs & Network Administrator Exam
Last Update: Nov 21, 2024
Questions: 71
$57.75  $164.99
$43.75  $124.99
$36.75  $104.99
buy now 050-11-CARSANWLN01