1. Home
  2. RSA
  3. NetWitness Platform
  4. 050-11-CARSANWLN01
  5. RSA NetWitness Logs & Network Administrator Exam Questions and Answers

Pass the RSA NetWitness Platform 050-11-CARSANWLN01 Questions and answers with CertsForce

 RSA Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

Which step happens first in the RSA NetWitness data flow on the Packet Decoder when the capture interface is set to packet_mmap_"?

Options:
A.

Feeds evaluated

B.

Network rules evaluated

C.

Application rules evaluated

D.

Berkeley Packet Filter evaluated

Expert Solution
Questions # 12:

What types of data can the Archiver store?

Options:
A.

Raw Log only

B.

Raw Log and Log Meta

C.

Raw Log, Log Meta. Packet Meta

D.

Raw Log. Log Meta. Raw Packet. Packet Meta

Expert Solution
Questions # 13:

Which of the following statements about Health and Wellness Policies is false?

Options:
A.

Policies can be defined by NW administrators

B.

Out-of-the-box policies are enabled by default

C.

Out-of-the-box policies can be edited by NW administrators

D.

Out-of-the-box policies are provided for most NW services

Expert Solution
Questions # 14:

Where do you define dynamic charts for real-time display in Dashboards?

Options:
A.

Default Dashboard

B.

MONITOR > Reports > Manage > Charts

C.

MONITOR > Reports > Charts > View

D.

CONFIGURE > ESA Rules

Expert Solution
Questions # 15:

Application rules can be configured on

Options:
A.

Log Decoder

B.

Log Decoder and Packet Decoder

C.

Log Decoder, Packet Decoder, and Concentrator

D.

Log Decoder, Packet Decoder, Concentrator, and Broker

Expert Solution
Questions # 16:

Which statement about Health and Wellness Alarm Suppression is false?

Options:
A.

Suppression schedules can be defined for individual rules

B.

Suppression schedules can be defined for entire policies

C.

Suppression schedules can be applied to out-of-the-box policies

D.

Multiple suppression schedules can be defined

Expert Solution
Questions # 17:

To add an action to the right-click menu in the Investigation Ul. create a

Options:
A.

Right-click action

B.

Profile

C.

Context Hub List

D.

Context Menu Action

Expert Solution
Questions # 18:

What are the pre-configured roles in RSA NetWitness?

Options:
A.

EVENT_ANALYST, INTRUSION_ANALYST SOC-MANAGER, ADMIN, OPERATOR, RESPOND_ADMINlSTRATOR

B.

EVENT_STREAM_ANALYST WAREHOUSE_ANALYST, ARCHIVER_ANALYST, DB_ANALYST ADMINISTRATOR

C.

MALWARE_ANALYST, ESA_ANALYST, REPORT_ANALYST ADMINISTRATOR

D.

ADMINISTRATORS, OPERATORS, ANALYSTS SOC_MANAGERS, MALWARE_ANALYSTS, DATA_PRIVACY_OFFICERS, RESPOND ADMINISTRATOR

Expert Solution
Questions # 19:

What of the following components can be used to set up external authentication for RSA NetWitness?

Options:
A.

AAoP

B.

Broker

C.

Spectrum

D.

PAM

Expert Solution
Questions # 20:

Which of the following choices describes a fundamental unit of network traffic transmitted from one IP device to another?

Options:
A.

Packet

B.

Chart

C.

Session

D.

Schedule

Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions