Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

RSA 050-11-CARSANWLN01 Exam - Topic 4 Question 84 Discussion

Actual exam question for RSA's 050-11-CARSANWLN01 exam
Question #: 84
Topic #: 4
[All 050-11-CARSANWLN01 Questions]

When NetWitness receives a log from an event source that does not currently exist in the Admin. Event Sources list, what does it do?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Elroy at Sep 18, 2024, 06:58 AM

Limited Time Offer

25%

Off

Get Premium 050-11-CARSANWLN01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Bobbye
6 months ago
Pretty sure it writes to the Archiver, not the Decoder.
upvoted 0 times
...
Talia
6 months ago
Surprised it doesn't add the new Event Source automatically!
upvoted 0 times
...
Noah
6 months ago
No way, it should just ignore the log.
upvoted 0 times
...
Kaycee
7 months ago
Yeah, I agree with that!
upvoted 0 times
...
Annalee
7 months ago
I think it goes to the Decoder in transient mode.
upvoted 0 times
...
Mendy
7 months ago
I definitely recall that it doesn’t just ignore the log, but I can’t remember if it writes to the Archiver or not.
upvoted 0 times
...
Avery
7 months ago
I’m leaning towards option B, but I could also see it adding the new Event Source to the list. It’s a bit confusing.
upvoted 0 times
...
Buddy
7 months ago
I remember a practice question about how NetWitness handles unknown event sources, and I feel like it might ignore the log altogether.
upvoted 0 times
...
Lazaro
8 months ago
I think the log gets parsed to the Decoder, but I'm not sure if it's in transient mode or not.
upvoted 0 times
...
Kaitlyn
8 months ago
D seems like the most straightforward answer to me. If the event source doesn't exist, it would just ignore the log altogether. But I'm not totally confident, so I'll have to double-check my understanding.
upvoted 0 times
...
Esteban
8 months ago
Okay, I've got it! The correct answer is C. NetWitness would automatically add the new event source to the existing list, so it can properly process logs from that source going forward.
upvoted 0 times
...
Royce
8 months ago
Hmm, I'm not sure about this one. I know NetWitness has a lot of different components, so it could be doing something more complex like writing to the Archiver but not the Decoder. I'll have to think this through carefully.
upvoted 0 times
...
Deeann
8 months ago
I think the answer is B. If the event source doesn't exist, it would parse the log to the Decoder but only in transient mode, not permanently adding it to the list.
upvoted 0 times
...
Onita
2 years ago
I'm going with Option B. Parsing the log in transient mode is a good compromise - it can still process the data without permanently adding the new source. And hey, at least it's not ignoring the log completely, right?
upvoted 0 times
Tonette
2 years ago
It's better than ignoring the log completely, that's for sure.
upvoted 0 times
...
Deja
2 years ago
I agree, transient mode is a good compromise for handling new event sources.
upvoted 0 times
...
Cherry
2 years ago
I think Option B is a smart choice. It allows for processing without permanent addition.
upvoted 0 times
...
...
Merissa
2 years ago
I'm not sure, but I think it might be B) Parses the log to the Decoder, but in transient mode only.
upvoted 0 times
...
Kate
2 years ago
I agree with Jamal, it makes sense to add the new Event Source to the list.
upvoted 0 times
...
Jamal
2 years ago
I think the answer is C) Adds the new Event Source to the existing list of Event Sources.
upvoted 0 times
...
Alberta
2 years ago
Option D is just plain lazy. Ignoring the log altogether? What is this, 1990? NetWitness should be all about capturing and analyzing every bit of data it can get its hands on.
upvoted 0 times
...
Ulysses
2 years ago
I agree with Laurel. Option C is the way to go. NetWitness needs to be dynamic and adapt to new event sources, not just ignore them.
upvoted 0 times
Alecia
2 years ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Leota
2 years ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Gregg
2 years ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...
Laurel
2 years ago
Option C seems to be the correct answer. NetWitness should add the new Event Source to the existing list, so it can start processing logs from that source going forward.
upvoted 0 times
Bev
2 years ago
D) Ignores the log altogether
upvoted 0 times
...
Rosita
2 years ago
C) Adds the new Event Source to the existing list of Event Sources
upvoted 0 times
...
Whitney
2 years ago
B) Parses the log to the Decoder, but in transient mode only
upvoted 0 times
...
Judy
2 years ago
A) Writes the log to the Archiver but not the Decoder
upvoted 0 times
...
...

Save Cancel