New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

RSA 050-11-CARSANWLN01 Exam - Topic 4 Question 84 Discussion

Actual exam question for RSA's 050-11-CARSANWLN01 exam
Question #: 84
Topic #: 4
[All 050-11-CARSANWLN01 Questions]

When NetWitness receives a log from an event source that does not currently exist in the Admin. Event Sources list, what does it do?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Elroy at Sep 18, 2024, 06:58 AM

Limited Time Offer

25%

Off

Get Premium 050-11-CARSANWLN01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Bobbye
3 months ago
Pretty sure it writes to the Archiver, not the Decoder.
upvoted 0 times
...
Talia
3 months ago
Surprised it doesn't add the new Event Source automatically!
upvoted 0 times
...
Noah
3 months ago
No way, it should just ignore the log.
upvoted 0 times
...
Kaycee
4 months ago
Yeah, I agree with that!
upvoted 0 times
...
Annalee
4 months ago
I think it goes to the Decoder in transient mode.
upvoted 0 times
...
Mendy
4 months ago
I definitely recall that it doesn’t just ignore the log, but I can’t remember if it writes to the Archiver or not.
upvoted 0 times
...
Avery
4 months ago
I’m leaning towards option B, but I could also see it adding the new Event Source to the list. It’s a bit confusing.
upvoted 0 times
...
Buddy
4 months ago
I remember a practice question about how NetWitness handles unknown event sources, and I feel like it might ignore the log altogether.
upvoted 0 times
...
Lazaro
5 months ago
I think the log gets parsed to the Decoder, but I'm not sure if it's in transient mode or not.
upvoted 0 times
...
Kaitlyn
5 months ago
D seems like the most straightforward answer to me. If the event source doesn't exist, it would just ignore the log altogether. But I'm not totally confident, so I'll have to double-check my understanding.
upvoted 0 times
...
Esteban
5 months ago
Okay, I've got it! The correct answer is C. NetWitness would automatically add the new event source to the existing list, so it can properly process logs from that source going forward.
upvoted 0 times
...
Royce
5 months ago
Hmm, I'm not sure about this one. I know NetWitness has a lot of different components, so it could be doing something more complex like writing to the Archiver but not the Decoder. I'll have to think this through carefully.
upvoted 0 times
...
Deeann
5 months ago
I think the answer is B. If the event source doesn't exist, it would parse the log to the Decoder but only in transient mode, not permanently adding it to the list.
upvoted 0 times
...
Onita
1 year ago
I'm going with Option B. Parsing the log in transient mode is a good compromise - it can still process the data without permanently adding the new source. And hey, at least it's not ignoring the log completely, right?
upvoted 0 times
Tonette
1 year ago
It's better than ignoring the log completely, that's for sure.
upvoted 0 times
...
Deja
1 year ago
I agree, transient mode is a good compromise for handling new event sources.
upvoted 0 times
...
Cherry
1 year ago
I think Option B is a smart choice. It allows for processing without permanent addition.
upvoted 0 times
...
...
Merissa
1 year ago
I'm not sure, but I think it might be B) Parses the log to the Decoder, but in transient mode only.
upvoted 0 times
...
Kate
1 year ago
I agree with Jamal, it makes sense to add the new Event Source to the list.
upvoted 0 times
...
Jamal
1 year ago
I think the answer is C) Adds the new Event Source to the existing list of Event Sources.
upvoted 0 times
...
Alberta
1 year ago
Option D is just plain lazy. Ignoring the log altogether? What is this, 1990? NetWitness should be all about capturing and analyzing every bit of data it can get its hands on.
upvoted 0 times
...
Ulysses
1 year ago
I agree with Laurel. Option C is the way to go. NetWitness needs to be dynamic and adapt to new event sources, not just ignore them.
upvoted 0 times
Alecia
1 year ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Leota
1 year ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Gregg
1 year ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...
Laurel
1 year ago
Option C seems to be the correct answer. NetWitness should add the new Event Source to the existing list, so it can start processing logs from that source going forward.
upvoted 0 times
Bev
1 year ago
D) Ignores the log altogether
upvoted 0 times
...
Rosita
1 year ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Whitney
1 year ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Judy
1 year ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...

Save Cancel