Spring Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. RSA
  3. NetWitness Platform
  4. 050-11-CARSANWLN01
  5. RSA NetWitness Logs & Network Administrator Exam Questions and Answers

050-11-CARSANWLN01 RSA NetWitness Logs & Network Administrator Exam Questions and Answers

Questions 4

Which of the following are valid sources for the Context Hub? (Choose two)

Options:

A.

RSA Endpoint

B.

Respond Server

C.

Health and Wellness module

D.

Web Threat Detection

E.

Reporting Engine

Buy Now
Questions 5

To run a report you need to create which of the following?

Options:

A.

View

B.

Alert

C.

Report rule

D.

Schedule

Buy Now
Questions 6

Which storage options are available for Archiver storage?

Options:

A.

DAC, SAN. and NAS

B.

NAS and SAN

C.

DAS and NAS

D.

JBOD and DAS

Buy Now
Questions 7

When adding a data source to the ESA device. RSA recommends using only the

Options:

A.

Concentrator

B.

Decoder

C.

Log Collector

D.

Archiver

Buy Now
Questions 8

What are the data sources available in RSA NetWitness when creating a Reporting Engine rule?

Options:

A.

Short, Long, Truncated

B.

IPDB, ODBC, FileReader

C.

Broker, Concentrator, Decoder

D.

NetWitness DB, Warehouse DB, Respond DB

Buy Now
Questions 9

The types of feeds that you can add to RSA NetWitness are:

Options:

A.

Public feed, private feed

B.

Custom feed. Live feed

C.

Identity feed, resource feed

D.

Custom feed, identity feed

Buy Now
Questions 10

Administrators can use the Profile feature to limit views with (Choose three)

Options:

A.

Meta groups

B.

Custom column groups

C.

Assigned pre-queries

D.

Automated role assignment

E.

Data privacy policies

F.

List view

Buy Now
Questions 11

To enable reporting alerts to be sent to the Respond interface, you would

Options:

A.

set up an output action in the Report Engine configuration

B.

change the capture interface in Reporting sources

C.

configure forwarding of alerts in the Reporting Engine configuration

D.

set up an output action in a Report

Buy Now
Questions 12

Which CLI command would have the effect of starting the Ul Web Server in NetWitness 11?

Options:

A.

start —s nwappliance

B.

systemctl start saserver service

C.

systemctl start jetty service

D.

systemctl start -s saserver

Buy Now
Questions 13

What is the main purpose of creating a meta group?

Options:

A.

Isolate log data

B.

Perform Visualization analysis

C.

Eliminate unneeded keys

D.

Increase the amount of data available for analysis

Buy Now
Questions 14

What of the following components can be used to set up external authentication for RSA NetWitness?

Options:

A.

AAoP

B.

Broker

C.

Spectrum

D.

PAM

Buy Now
Questions 15

To create meta keys that will appear in the Investigation view, you would most commonly edit configuration files on the

Options:

A.

Packet Decoder

B.

Concentrator

C.

Broker

D.

Log Decoder

Buy Now
Questions 16

To create a feed for all of your event sources, you could:

Options:

A.

Deploy a feed from Live

B.

Export event source data from the Manage Events Sources interface and create a custom feed

C.

Create a log parser

D.

Export event source data from the Manage Events Sources interface and create an identity feed

Buy Now
Questions 17

Which RSA NetWitness component captures and parses data off the wire?

Options:

A.

Packet Decoder

B.

Broker

C.

Concentrator

D.

Log Decoder

Buy Now
Questions 18

Parsers can be enabled on which of the following?

Options:

A.

Packet Decoder only

B.

Packet Decoder and Log Decoder

C.

Packet Decoder and Log Decoder and Concentrator

D.

Packet Decoder and Log Decoder and Concentrator and Broker

Buy Now
Questions 19

To report on matches in the NWDB against a series of fixed values, include which feature in your report definition?

Options:

A.

An Application Rule

B.

A List

C.

An Enrichment Source

D.

A Subscription

Buy Now
Questions 20

RSA NetWitness services implement what type of access control?

Options:

A.

Role-based

B.

Digital Certificate-based

C.

Access Control List (ACL)

D.

Discretionary Access Control (DAC)

Buy Now
Questions 21

When storage on the core devices fills to capacity, what happens?

Options:

A.

new traffic cannot be ingested

B.

the decoder leverages capacity in the concentrator, and collection continues

C.

the decoder leverages capacity in the broker, and collection continues

D.

the oldest stored sessions are deleted and collection continues

Buy Now
Exam Code: 050-11-CARSANWLN01
Exam Name: RSA NetWitness Logs & Network Administrator Exam
Last Update: Apr 30, 2026
Questions: 71

PDF + Testing Engine

$63.52  $181.49
buy now 050-11-CARSANWLN01 pdf + testing engine

Testing Engine

$50.57  $144.49
buy now 050-11-CARSANWLN01 testing engine

PDF (Q&A)

$43.57  $124.49
buy now 050-11-CARSANWLN01 pdf