To report on matches in the NWDB against a series of fixed values, include which feature in your report definition?
- A . An Application Rule
- B . A List
- C . An Enrichment Source
- D . A Subscription
To create a custom feed, initiate the action by selecting which top-level module?
- A . Investigate
- B . Admin
- C . Monitor
- D . Configure
Which of the following choices is defined as being a delineated set of network data units that comprise a transaction from start to finish?
- A . Frame
- B . Packet
- C . Session
- D . Token
In RSA NetWitness, viewing text or image data associated with a session is accessed through a
- A . packet level drill
- B . meta value view
- C . session reconstruction view
- D . decoder analysis view
When storage on the core devices fills to capacity, what happens?
- A . new traffic cannot be ingested
- B . the decoder leverages capacity in the concentrator, and collection continues
- C . the decoder leverages capacity in the broker, and collection continues
- D . the oldest stored sessions are deleted and collection continues
Administrators can use the Profile feature to limit views with (Choose three)
- A . Meta groups
- B . Custom column groups
- C . Assigned pre-queries
- D . Automated role assignment
- E . Data privacy policies
- F . List view
To customize your query display in Events View, create
- A . Custom Meta Groups
- B . Custom Column Groups
- C . Profiles
- D . Dashlets
You can configure replication for log data by setting up a remote collector and creating
- A . a Virtual Log Collector
- B . a lockbox
- C . host groups
- D . destination groups
What types of data can the Archiver store?
- A . Raw Log only
- B . Raw Log and Log Meta
- C . Raw Log, Log Meta, Packet Meta
- D . Raw Log, Log Meta, Raw Packet, Packet Meta
Which RSA NetWitness component captures and parses data off the wire?
- A . Packet Decoder
- B . Broker
- C . Concentrator
- D . Log Decoder
To add an action to the right-click menu in the Investigation UI, create a
- A . Right-click action
- B . Profile
- C . Context Hub List
- D . Context Menu Action
Parsers can be enabled on which of the following?
- A . Packet Decoder only
- B . Packet Decoder and Log Decoder
- C . Packet Decoder and Log Decoder and Concentrator
- D . Packet Decoder and Log Decoder and Concentrator and Broker
Which of the following choices describes a fundamental unit of network traffic transmitted from one IP device to another?
- A . Packet
- B . Chart
- C . Session
- D . Schedule
What are the data sources available in RSA NetWitness when creating a Reporting Engine rule?
- A . Short, Long, Truncated
- B . IPDB, ODBC, FileReader
- C . Broker, Concentrator, Decoder
- D . NetWitness DB, Warehouse DB, Respond DB
Which of the following rule types relies on two or more events occurring within a specified window of time?
- A . Network Rule
- B . Application Rule
- C . Correlation Rule
- D . BPF Filter Rule
What are the two basic operations you might perform to make use of a Live resource?
- A . move and copy
- B . download and enable
- C . save and apply
- D . subscribe and deploy
Service Groups are used primarily for
- A . grouping metadata from specified hosts
- B . deploying Live resources to specified services
- C . grouping hosts for batch configuration
- D . grouping hosts for monitoring performance in the Health and Wellness view
The NetWitness Trust Model is based on
- A . User ID
- B . User Role
- C . IP address
- D . Hardware address
What are three important things to configure on a Log Decoder?
- A . Capture Auto-Start, Service Parsers, Capture Interface
- B . Capture Settings, Aggregation Auto-Start, Profile settings
- C . Investigation Settings, Capture Settings, Service Parsers
- D . Aggregation Auto-Start, Capture Settings, Investigation Settings
Where do you define dynamic charts for real-time display in Dashboards?
- A . Default Dashboard
- B . MONITOR > Reports > Manage > Charts
- C . MONITOR > Reports > Charts > View
- D . CONFIGURE > ESA Rules