Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

RSA Exam 050-11-CARSANWLN01 Topic 4 Question 84 Discussion

Actual exam question for RSA's 050-11-CARSANWLN01 exam
Question #: 84
Topic #: 4
[All 050-11-CARSANWLN01 Questions]

When NetWitness receives a log from an event source that does not currently exist in the Admin. Event Sources list, what does it do?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Elroy at Sep 18, 2024, 06:58 AM

Limited Time Offer

25%

Off

Get Premium 050-11-CARSANWLN01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Onita
7 months ago
I'm going with Option B. Parsing the log in transient mode is a good compromise - it can still process the data without permanently adding the new source. And hey, at least it's not ignoring the log completely, right?
upvoted 0 times
Tonette
6 months ago
It's better than ignoring the log completely, that's for sure.
upvoted 0 times
...
Deja
7 months ago
I agree, transient mode is a good compromise for handling new event sources.
upvoted 0 times
...
Cherry
7 months ago
I think Option B is a smart choice. It allows for processing without permanent addition.
upvoted 0 times
...
...
Merissa
8 months ago
I'm not sure, but I think it might be B) Parses the log to the Decoder, but in transient mode only.
upvoted 0 times
...
Kate
8 months ago
I agree with Jamal, it makes sense to add the new Event Source to the list.
upvoted 0 times
...
Jamal
8 months ago
I think the answer is C) Adds the new Event Source to the existing list of Event Sources.
upvoted 0 times
...
Alberta
8 months ago
Option D is just plain lazy. Ignoring the log altogether? What is this, 1990? NetWitness should be all about capturing and analyzing every bit of data it can get its hands on.
upvoted 0 times
...
Ulysses
8 months ago
I agree with Laurel. Option C is the way to go. NetWitness needs to be dynamic and adapt to new event sources, not just ignore them.
upvoted 0 times
Alecia
7 months ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Leota
7 months ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Gregg
7 months ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...
Laurel
8 months ago
Option C seems to be the correct answer. NetWitness should add the new Event Source to the existing list, so it can start processing logs from that source going forward.
upvoted 0 times
Bev
7 months ago
D) Ignores the log altogether
upvoted 0 times
...
Rosita
7 months ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Whitney
8 months ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Judy
8 months ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...

Save Cancel
a