New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > RSA > NetWitness Platform > 050-11-CARSANWLN01

050-11-CARSANWLN01 RSA NetWitness Logs & Network Administrator Exam Question and Answers

Question # 4

Which step happens first in the RSA NetWitness data flow on the Packet Decoder when the capture interface is set to packet_mmap_"?

A.

Feeds evaluated

B.

Network rules evaluated

C.

Application rules evaluated

D.

Berkeley Packet Filter evaluated

Full Access
Question # 5

To add an action to the right-click menu in the Investigation Ul. create a

A.

Right-click action

B.

Profile

C.

Context Hub List

D.

Context Menu Action

Full Access
Question # 6

Which RSA NetWitness component captures and parses data off the wire?

A.

Packet Decoder

B.

Broker

C.

Concentrator

D.

Log Decoder

Full Access
Question # 7

What of the following components can be used to set up external authentication for RSA NetWitness?

A.

AAoP

B.

Broker

C.

Spectrum

D.

PAM

Full Access
Question # 8

To run a report you need to create which of the following?

A.

View

B.

Alert

C.

Report rule

D.

Schedule

Full Access
Question # 9

Which of the following choices is defined as being a delineated set of network data units that comprise a transaction from start to finish'?

A.

Frame

B.

Packet

C.

Session

D.

Token

Full Access
Question # 10

To create meta keys that will appear in the Investigation view, you would most commonly edit configuration files on the

A.

Packet Decoder

B.

Concentrator

C.

Broker

D.

Log Decoder

Full Access