Service Groups are used primarily for

A. grouping metadata from specified hosts

B. deploying Live resources to specified services

C. grouping hosts for batch configuration

D. grouping hosts for monitoring performance in the Health and Wellness view

Where is the PAM configuration file located on an RSA NetWitness appliance?

A. /etc/hosts

B. /etc/pam.d

C. /opt/bin/pam

D. /usr/bin/config

What happens when you set the metadata associated with a parser to Transient?

A. Transient means the Decoder is using the parser to parse traffic, and the generated metadata is not stored on disk

B. Transient means the Decoder is using the parser to parse traffic, and the generated metadata is retained on disk for 24 hours

C. Transient means the Decoder is using the parser only to filter out data, not to generate metadata

D. Transient means the Decoder is using the parser only for ESA

The accuracy of Automated Threat Detection is enhanced by configuring

A. Whois Lookup Service

B. Incident Rules

C. ESA Analytics Mappings

D. Context Hub

To create meta keys that will appear in the Investigation view, you would most commonly edit configuration files on the

A. Packet Decoder

B. Concentrator

C. Broker

D. Log Decoder

You configure an email server for notifications for everything except the Reporting Engine in:

A. ADMIN > System > Global Auditing

B. ADMIN > System > Legacy Notifications

C. ADMIN > System > Email

D. ADMIN > System > Global Notifications

What are the pre-configured roles in RSA NetWitness?

A. EVENT_ANALYST, INTRUSION_ANALYST, SOC-MANAGER, ADMIN, OPERATOR, RESPOND_ADMINISTRATOR

B. EVENT_STREAM_ANALYST, WAREHOUSE_ANALYST, ARCHIVER_ANALYST, DB_ANALYST, ADMINISTRATOR

C. MALWARE_ANALYST, ESA_ANALYST, REPORT_ANALYST, ADMINISTRATOR

D. ADMINISTRATORS, OPERATORS, ANALYSTS, SOC_MANAGERS, MALWARE_ANALYSTS, DATA_PRIVACY_OFFICERS, RESPOND ADMINISTRATOR

Parsers can be enabled on which of the following?

A. Packet Decoder only

B. Packet Decoder and Log Decoder

C. Packet Decoder and Log Decoder and Concentrator

D. Packet Decoder and Log Decoder and Concentrator and Broker

When storage on the core devices fills to capacity, what happens?

A. new traffic cannot be ingested

B. the decoder leverages capacity in the concentrator, and collection continues

C. the decoder leverages capacity in the broker, and collection continues

D. the oldest stored sessions are deleted and collection continues

To automate incident creation of alerts in the Respond interface, create

A. ESA Rules

B. Respond Rules

C. Incident Rules

D. Reporting Rules