To create a custom feed, initiate the action by selecting which top-level module?
A . Investigate
B . Admin
C . Monitor
D . Configure
Answer: D
In RSA NetWitness. viewing text or image data associated with a session is accessed through a
In RSA NetWitness. viewing text or image data associated with a session is accessed through a
A . packet level drill
B . meta value view
C . session reconstruction view
D . decoder analysis view
Answer: C
Parsers can be enabled on which of the following?
Parsers can be enabled on which of the following?
A . Packet Decoder only
B . Packet Decoder and Log Decoder
C . Packet Decoder and Log Decoder and Concentrator
D . Packet Decoder and Log Decoder and Concentrator and Broker
Answer: B
When storage on the core devices fills to capacity, what happens?
When storage on the core devices fills to capacity, what happens?
A . new traffic cannot be ingested
B . the decoder leverages capacity in the concentrator, and collection continues
C . the decoder leverages capacity in the broker, and collection continues
D . the oldest stored sessions are deleted and collection continues
Answer: D
What are three important things to configure on a Log Decoder’?
What are three important things to configure on a Log Decoder’?
A . Capture Auto-Start. Service Parsers, Capture Interface
B . Capture Settings. Aggregation Auto-Start. Profile settings
C . Investigation Settings. Capture Settings. Service Parsers
D . Aggregation Auto-Start. Capture Settings. Investigation Settings
Answer: A
Which RSA NetWitness component captures and parses data off the wire?
Which RSA NetWitness component captures and parses data off the wire?
A . Packet Decoder
B . Broker
C . Concentrator
D . Log Decoder
Answer: A
What are the two basic operations you might perform to make use of a Live resource?
What are the two basic operations you might perform to make use of a Live resource?
A . move and copy
B . download and enable
C . save and apply
D . subscribe and deploy
Answer: D
You can configure replication for log data by setting up a remote collector and creating
You can configure replication for log data by setting up a remote collector and creating
A . a Virtual Log Collector
B . a lockbox
C . host groups
D . destination groups
Answer: D
To report on matches in the NWDB against a series of fixed values, include which feature in your report definition?
To report on matches in the NWDB against a series of fixed values, include which feature in your report definition?
A . An Application Rule
B . A List
C . An Enrichment Source
D . A Subscription
Answer: B
Administrators can use the Profile feature to limit views with (Choose three)
Administrators can use the Profile feature to limit views with (Choose three)
A . Meta groups
B . Custom column groups
C . Assigned pre-queries
D . Automated role assignment
E . Data privacy policies
F . List view
Answer: A,B,C