
Pass the RSA NetWitness Platform 050-11-CARSANWLN01 Questions and answers with ExamsMirror

Questions # 11:

When NetWitness receives a log from an event source that does not currently exist in the Admin. Event Sources list, what does it do?

Options:

A. Writes the log to the Archiver but not the Decoder
B. Parses the log to the Decoder, but in transient mode only
C. Adds the new Event Source to the existing list of Event Sources
D. Ignores the log altogether

Questions # 12:

To create a custom feed, initiate the action by selecting which top-level module?

Options:

A. Investigate
B. Admin
C. Monitor
D. Configure

Questions # 13:

Which step happens first in the RSA NetWitness data flow on the Packet Decoder when the capture interface is set to "packet_mmap_"?

Options:

A. Feeds evaluated
B. Network rules evaluated
C. Application rules evaluated
D. Berkeley Packet Filter evaluated

Questions # 14:

Where do you define dynamic charts for real-time display in Dashboards?

Options:

A. Default Dashboard
B. MONITOR > Reports > Manage > Charts
C. MONITOR > Reports > Charts > View
D. CONFIGURE > ESA Rules

Questions # 15:

Which of the following actions can a Network Rule NOT perform?

Options:

A. Filter
B. Truncate
C. Alert
D. Forward

Questions # 16:

Which of the following rule types relies on two or more events occurring within a specified window of time?

Options:

A. Network Rule
B. Application Rule
C. Correlation Rule
D. BPF Filter Rule

Questions # 17:

What are the pre-configured roles in RSA NetWitness?

Options:

A. EVENT_ANALYST, INTRUSION_ANALYST, SOC-MANAGER, ADMIN, OPERATOR, RESPOND_ADMINISTRATOR
B. EVENT_STREAM_ANALYST, WAREHOUSE_ANALYST, ARCHIVER_ANALYST, DB_ANALYST, ADMINISTRATOR
C. MALWARE_ANALYST, ESA_ANALYST, REPORT_ANALYST, ADMINISTRATOR
D. ADMINISTRATORS, OPERATORS, ANALYSTS, SOC_MANAGERS, MALWARE_ANALYSTS, DATA_PRIVACY_OFFICERS, RESPOND ADMINISTRATOR

Questions # 18:

To prevent a Meta key from being indexed on a core service, you can

Options:

A. disable the parser for the Meta key in the device configuration
B. add the value level=IndexNone to the key in the custom index file
C. remove the Meta key from the Manage Default Meta Keys interface
D. add the value valueMax="000000" to the key in the custom index file

Questions # 19:

To enable reporting alerts to be sent to the Respond interface, you would

Options:

A. set up an output action in the Report Engine configuration
B. change the capture interface in Reporting sources
C. configure forwarding of alerts in the Reporting Engine configuration
D. set up an output action in a Report

Questions # 20:

You configure an email server for notifications for everything except the Reporting Engine in:

Options:

A. ADMIN > System > Global Auditing
B. ADMIN > System > Legacy Notifications
C. ADMIN > System > Email
D. ADMIN > System > Global Notifications
