
Question From Internet


Page 1: Question From Internet

Question: 1
What happens if an event source device type is not immediately recognized by RSA enVision? (Check the one best answer.)
A. It will be defined as "unknown" and for a limited time enVision will collect event data it generates
B. Data from that device will be discarded until the device type can be defined
C. An alert is generated by default to call an administrator's attention to the device
D. The UDS Service will create a parsing XML file for the device and place data in the NIC Parse Cache
Answer: A

Question: 2
When setting up a Check Point firewall device, which of the following is a good practice that should be completed first? (Check the one best answer.)
A. Stop and restart the Check Point Firewall Service
B. Stop and restart the enVision NIC Collector Service
C. Verify that the Check Point Log Viewer is receiving events
D. Set an 8-character key to establish an authenticated connection
Answer: C

Question: 3
How many Remote Collectors (RC) can each Database Server (D-SRV) support? (Check the one best answer.)
A. Eight (8)
B. Ten (10)
C. Sixteen (16)
D. Thirty-two (32)
Answer: C

Question: 4
After creating a customized Report Menu system, which RSA enVision service(s) need to be restarted?
A. Only the NIC Webserver Service
B. The NIC Webserver and NIC Server Services
C. The NIC Webserver, NIC Server and NIC Locator Services
D. The NIC Webserver, NIC Server, NIC Locator, and NIC Packager Services
Answer: A

Question: 5
When opening a connection in Event Explorer, you can define which of the following features? (Check the three correct answers.)
A. Devices
B. Event categories
C. Log messages
D. Time frame
E. Local collector
Answer: A, B, D

Question: 6
In the RSA enVision UDS process, what is the purpose of performing Data Reduction steps? (Check the one best answer.)
A. Improve speed and efficiency of data processing
B. Compress unsupported device data prior to storage
C. Apply ISO-approved abbreviations to message text strings
D. Decrease the rate that unsupported device data is collected
Answer: A

Question: 7
If a customer has a specific syslog that they would like to use as part of a demonstration, you can load it into enVision for reporting and querying using which of the following? (Check the one best answer.)
A. The lsdata utility to import the syslog file
B. Copying the syslog file into the IPDB data directory
C. Using the Data Injector utility to collect data from the syslog file
D. Using the Custom Reports > View External Data function of the administrative GUI
Answer: C

Question: 8
When planning an RSA enVision installation, which statements below about the Site Name are important considerations? (Check two answers.)
A. The Site Name must match an enVision domain name
B. The Site Name must be unique within an enVision domain and cannot be the same as the customer's NetBIOS domain name
C. The Site Name must not contain any numeric or punctuation characters
D. The Site Name must have the same suffix as the Windows domain in which it resides
E. The Site Name must not match the name of any existing Windows domain in the network
Answer: B, E

Question: 9
Why would the checkbox of a device type be grayed out on the Manage Device Types screen? (Check the one best answer.)
A. It's not licensed
B. Device is unknown but data can be collected
C. Device is known but not compatible with enVision
D. Device is associated with a monitored device within the NIC domain
Answer: D

Question: 10
True or false. If a conflict exists with the default enVision collection port after appliance installation, the Collector Service can be modified to configure event collection on a different port.
A. True
B. False
Answer: A

Question: 11
When would you expect a difference between the log information captured by RSA enVision and the log information generated by a device? (Check the one best answer.)
A. When the source IP address of the device is unknown to enVision.
B. When the device is configured to send only certain events to syslog.
C. When "Collect All Logs" is left unchecked in the Manage Devices screen.
D. When the device is a known device and enVision recognizes the events to be non-critical.
Answer: B

Question: 12
In RSA enVision UDS development, Value Maps, Regular Expressions, and Functions are types of which of the following? (Check the one best answer.)
A. Data Reduction
B. XML Parsing Rules
C. Conditional Variables
D. Summary Data Buckets
Answer: C


Question: 13
Which RSA enVision module is used to configure the enVision system as well as to monitor its health and performance? (Check the one best answer.)
A. Overview module
B. Alerts Module
C. Analysis Module
D. Reports Module
Answer: A

Question: 14
When initially setting up a multiple appliance site, only the D-SRV unit is connected to a LAN; all of the other units in the site then connect directly to the D-SRV.
A. True
B. False
Answer: B

Question: 15
When creating a new enVision user account, which User Group is the account added to by default? (Check the one best answer.)
A. Report-users
B. Administrators
C. Temporary-users
D. All-applications-users
Answer: D

Question: 16
What are three steps that are part of the device interpretation process using UDS? (Check the three best answers.)
A. Configure devices to send log data to RSA enVision
B. Device identification (i.e. vendor, device name, class, sub-class, etc.)
C. Identification of device collection method
D. Message definition
E. List of known vulnerabilities
F. Data parsing
Answer: B, D, F

Question: 17
The administrator can use RSA enVision's user authentication feature to complete what tasks? (Check two answers.)
A. Use an existing Microsoft Active Directory authentication server
B. Associate administrative users with an authentication server
C. Require enVision users to change passwords on a periodic basis
D. Enforce a pre-defined set of 'prohibited passwords' based on a dictionary file
E. Utilize existing domain authenticated user accounts as the basis for enVision user accounts
Answer: A, E

Question: 18
What two tasks does UDS complete when the command "uds reate" is executed to create a device? (Check the two best answers.)
A. Creates the files <devicename>.ini, <devicename>client.txt, <devicename>vendor.txt and <devicename>msg.xml
B. Immediately starts collecting data from the new device
C. Identifies all associated devices that have been configured
D. Create all directory structures required for the device
E. Lists all devices to verify that the device does not already exist
Answer: A, D

Question: 19
The UDS development process involves which of the following tasks? (Check two answers.)
A. Verifying XML syntax and parsing
B. Using XML to convert device logs to IPDB format
C. Mapping a device name to an existing enVision device
D. Creating an XML file to define header and message information
Answer: A, D

Question: 20
What does RSA enVision do when it is set to auto-discover new devices? (Check the one best answer.)
A. Adds new supported devices automatically to the list of monitored devices in the Manage Monitored Devices screen
B. Temporarily holds in the "New Device" cache and begins to collect data after it is approved by an administrator
C. RSA enVision alerts members of the "administrators" group to add a new device to the list of monitored devices
D. RSA enVision automatically exports device attributes to an XML file for an administrator to review
Answer: A

Question: 21
To remove a UDS device from an RSA enVision system, you must delete the device from the list of monitored devices and which of the following? (Check the one best answer.)
A. Delete the <devicename> folder from the \enVision\etc\devices directory
B. Use the "uds emove <devicename>" command in a command prompt window
C. Use the "lsdata emove <devicename>" command in a command prompt window
D. Disconnect the device from the network and enVision will complete the removal automatically
Answer: A

Question: 22
What must happen for the Scheduled Reports display to present the results of a report that has been scheduled? (Check the one best answer.)
A. The NIC Web server must have generated at least one report
B. A Bind Report must be established to link the report to the output screen
C. The Refresh Menu button must be clicked before the time that the report is to run
D. One scheduled report must complete its run before another report can be scheduled
Answer: A

Question: 23
What happens when an incorrect site configuration value is entered into the enVision Appliance Configuration Wizard? (Check the one best answer.)
A. The value cannot be changed and the hardware may require re-imaging to restore factory default values before repeating the configuration wizard process
B. The configuration value should be corrected by editing the /bin/site.config file
C. The configuration value can be changed using the front panel LCD controls
D. Run the enVision Appliance Configuration Wizard again in 'Repair' mode to correct the configuration values
Answer: A

Question: 24
Which of the services listed below maintains the enVision site's directory information and lists data such as the name of the site the data was originally collected on and the device or event source name? (Check the one best answer.)
A. NIC Locator Service
B. NIC Collector Service
C. NIC Forwarder Service
D. NIC File Reader Service
Answer: A

Question: 25
The exhibit shows block diagrams describing an enVision LS Site with a Database Server (D-SRV), Application Server (A-SRV), and two Local Collector (LC1 and LC2) components. Which diagram shows the correct arrangement? (Check the one best answer.)
A. Diagram A
B. Diagram B
C. Diagram C
D. Diagram D
Answer: B

Question: 26
Which of the following statements about device Collection States is true? (Check the one best answer.)
A. To collect data from a device, the device's Collection State must NOT be set to 'Disabled'.
B. When a device Collection State indicates 'Candidate', it indicates that the device type has been determined.
C. To stop collecting events from an active device, the Collection State can be changed from 'Active' to 'Candidate' at any time.
D. When a device Collection State is changed to 'Disabled', reports and queries can NOT be run on previously collected events from that device.
Answer: A

Question: 27
What is the primary difference between the LC5 and LC10 local collector units? (Check the one best answer.)
A. Base storage capacity
B. Events Per Second (EPS) capability
C. Physical size and weight of the units
D. Type of Database Server to which they may be attached
Answer: B

Question: 28
Log management is the collection, analysis (real time or historical), storage and management of logs from a range of sources across the enterprise including which of the following? (Check four answers.)
A. Non-log generating devices and systems
B. Security systems
C. Disconnected network devices
D. Networking devices
E. Operating systems
F. Mobile devices
G. Applications
Answer: B, D, E, G

Question: 29
Which of the following are true statements about the RSA enVision LS Series appliance? (Check three answers.)
A. The LS Series consists of a single appliance
B. The LS Series consists of three appliances each containing the functions of collection, data management, and application and analysis.
C. Each RSA enVision functional component (collection, database management, and applications and analysis) is contained in its own appliance.
D. The LS Series contains all three RSA enVision functional components in a single appliance
E. The LS Series is designed to operate in a distributed installation
F. Can include both local and remote collector appliances
Answer: C, E, F

Question: 30
When a view is modified, what must be done before the changes are reflected in the alerting process? (Check the one best answer.)
A. The view must be exported
B. The view must be approved
C. The view must be restarted
D. The view must be scheduled
Answer: C

Question: 31
If a firewall or NAT device needs to be configured for syslog traffic to reach the NIC Collector Service, which default port and protocol are used by that service?
A. Port 514 using TCP
B. Port 514 using UDP
C. Port 8080 using TCP
D. Port 8080 using UDP
Answer: B

Question: 32
Which of the following statements is true about running the Data Injector? (Check the one best answer.)
A. The data being injected can NOT contain more than 1024 events
B. It must be located in the /envision/bin directory
C. The injector must first be formatted using the lsdata utility
D. It is specified using the ile argument in a command line
Answer: D

Question: 33
Which statement below most accurately reflects the result that will occur if you (1.) disable a device on the Manage Device Types screen followed by (2.) configure a device of the same type to send log data to RSA enVision? (Check the one best answer.)
A. Log data from this type of device will be ignored
B. The device will be discovered as an 'unknown' type
C. An error state will be created causing the NIC collector service to stop
D. The device type will automatically re-enable once data is received and recognized
Answer: B

Question: 34
Where can the complete documentation be found for the use and functionality of the administrative GUI console? (Check the one best answer.)
A. The RSA enVision on-line help pages
B. The RSA enVision Configuration Guide
C. The RSA enVision Administrator's Manual
D. The RSA enVision Support web site > User Operations page
Answer: A


Question: 35
Which of the following statements about the RSA enVision ES Series appliance is NOT true? (Check the one best answer.)
A. The ES Series consists of a single appliance
B. The ES Series consists of three appliances each containing the functions of collection, data management, and application and analysis
C. External storage is an available option with the ES Series
D. The ES Series contains all three RSA enVision functional components in a single appliance
E. The ES Series is designed to operate in a stand-alone non-distributed mode.
Answer: B

Question: 36
Which answer below best reflects the tasks the NIC Alerter Service performs? (Check the one best answer.)
A. Defines devices, messages, and correlated alerts within a site
B. Compares incoming event messages to user-defined alert criteria
C. Determines severity levels based on user-defined baseline values
D. Continuously calculates baseline differences to pre-defined compliance rules
Answer: B

Question: 37
The Device Configuration section of the RSA enVision Support web site contains specific steps for setting up which of the following? (Check the one best answer.)
A. Agent software that can be used in place of supported devices
B. Supported devices to allow enVision to capture messages
C. Unsupported devices to allow enVision to display the device type
D. A multiple unit LS enVision appliance for a first-time installation
Answer: B

Question: 38
What are four log management challenges that most companies face? (Check four answers.)
A. Huge number and variety of systems generating logs
B. Growth of mobile devices and computing
C. Volume of logged data
D. Changing threat landscape
E. Too much storage capacity
F. More stringent regulatory requirements and uncertainty about future regulatory issues
Answer: A, C, D, F

Question: 39
RSA enVision is a security information and event management application that performs which of the following functions? (Check three answers.)
A. Collects log data
B. Stores log data
C. Makes log data visible
D. Retires log data as regulations expire
E. Distributes log data
Answer: A, B, C

Question: 40
What is required to use the RSA enVision Event Explorer? (Check the one best answer.)
A. User authentication
B. An SSL encrypted connection
C. An Event Server installed on the user's computer
D. All of the above
Answer: A


Question: 41
Before installing and configuring an enVision appliance, what task should be completed? (Check the one best answer.)
A. Configure the RSA enVision appliance
B. Schedule a follow-up meeting with ALL of the stakeholders involved
C. Configure each supported device that is within the scope of the implementation
D. Create user administrative accounts
E. Schedule RSA enVision support
Answer: C

Question: 42
When running a report from the Report screen, what can cause a "No Data Available" message? (Check three answers.)
A. The packager service is not running
B. An improperly configured device
C. The SQL Query service not running
D. A device that is not sending events to enVision
E. A scheduled report has not been created and activated
F. The 'Analyze' button is checked for unknown device types
Answer: A, B, D

Question: 43
Which of the following statements about RSA enVision are true? (Check the three correct statements.)
A. RSA enVision is a security information and event management application
B. RSA enVision collects and analyzes log information
C. RSA enVision is an appliance that prevents attacks from outside threats
D. RSA enVision ES Series appliances are designed for security functions and the LS Series for compliance functions
E. RSA enVision is an appliance or set of appliances
Answer: A, B, E

Question: 44
Which of the following statements is the primary focus of an effective patch management strategy? (Check the one best answer.)
A. Ability to connect to a vulnerability assessment system
B. The ability to connect to a vulnerability assessment system and task triage
C. Collect and store log event messages
D. Minimize the window that exists between the discovery of a vulnerability and the application of a solution to minimize or eliminate the vulnerability
E. Minimize compliance risk
Answer: D

Question: 45
The National Vulnerability Database and how RSA enVision uses it is best defined by which of the following statements? (Check the two best answers.)
A. A database that RSA enVision helps to maintain by constantly evaluating the accuracy of known vulnerabilities
B. Database of common vulnerabilities and exposures (CVEs)
C. Minimize compliance risk
D. Relates the state of an asset to known vulnerabilities to assess the risk associated with a security event
E. List of compliance vulnerabilities
Answer: B, D


Question: 46
What are the security standards that regulate payment card transactions? (Check the one best answer.)
A. PCI requirements
B. SAS 70 requirements
C. FISMA requirements
D. Sarbanes-Oxley (SOX) requirements
Answer: A

Question: 47
What does the Event Explorer license limit? (Check the one best answer.)
A. The number of devices that can be analyzed at any one time
B. The number of event records that can be analyzed at any one time
C. The number of events per second that can be sent to the Event Explorer
D. The number of simultaneous connections from Event Explorer clients to an A-SRV
Answer: D

Question: 48
What is the purpose of the RSA enVision collection function? (Check the one best answer.)
A. Manage access and retrieval of captured events
B. Interact with and use collected information for security and compliance related tasks
C. Raw log data collection, compression, and storage
D. Analyze real-time and historical data
E. A client server application that must be installed on a client machine
Answer: C

Question: 49
To prevent Microsoft Windows event logs from reaching their maximum size limit, Windows event log properties should be set to
A. "Overwrite events as needed"
B. "Overwrite events older than 1 day"
C. "Do not overwrite events (clear log manually)"
D. "Restore Defaults before overwriting event log"
Answer: A

Question: 50
The enVision Installation Wizard will fail to proceed if it detects which of the following conditions? (Check two answers.)
A. The product license is invalid
B. The supplied configuration values are invalid
C. Connections between hardware components are incorrect
D. The logged in user is not a member of the 'administrator' group
E. An events-per-second (EPS) rate that exceeds the capability of the hardware
Answer: B, C

Question: 51
True or false. After logging into Event Explorer, no data is available to view until a connection is opened. (Check the one best answer.)
A. True
B. False
Answer: A

Question: 52
True or false. All supported devices require a specific service (i.e. ODBC Service, File Reader Service, LEA Client Service, etc.) before RSA enVision can recognize them.
A. True
B. False
Answer: B

Question: 53
Which of the following statements about the RSA enVision ES Series are true statements? (Check the three correct statements.)
A. RSA enVision ES Series is designed to work in a distributed installation
B. RSA enVision ES Series' application, collector, and database functions each reside in a separate appliance
C. RSA enVision ES Series is designed to work in a stand-alone or non-distributed mode
D. RSA enVision ES Series is available with local storage or external storage
E. A single RSA enVision ES Series appliance is considered to be a single site
Answer: C, D, E

Question: 54
When launching Event Explorer, what two tasks can be performed from the Event Explorer Login window? (Check the two best answers.)
A. Log into RSA enVision
B. Authenticate against one or more RSA enVision Application Servers
C. Add or remove RSA enVision Application Servers from the Event Explorer installation
D. Log out of RSA enVision
E. The Create a Task Triage work item or task
Answer: B, C

Question: 55
When deciding what license parameters are needed, what factors should a customer consider? (Check two answers.)
A. Number of devices from which events are gathered
B. Amount of storage capacity that will be needed in the IPDB
C. Number of Remote Collector units that will be part of a single Site
D. Number of events per second from all devices from which event log data will be collected
Answer: A, D

Question: 56
What does the RSA enVision Event Explorer allow users to examine? (Check the one best answer.)
A. Data nuggets prior to packaging
B. Data directly from device log files
C. Data stored in the enVision IPDB database
D. Raw data stored in the pre-filtered data cache
Answer: C

Question: 57
Which description below best describes the timestamps displayed by RSA enVision Event Viewer? (Check the one best answer.)
A. It is converted to Universal Device Time (UDT)
B. They are converted to the selected time zone of the client running Event Viewer
C. They are shown with the same local time as generated by the source device
D. They are displayed with the time that the event was first accessed by Event Viewer
Answer: B

Question: 58
What is the purpose of the RSA enVision database management function? (Check the one best answer.)
A. Interact with and use collected information for security and compliance related tasks
B. Raw log data collection, compression, and storage
C. Analyze real-time and historical data
D. A client server application that must be installed on a client machine
E. Manage access and retrieval of captured events
Answer: E

Question: 59
Before being stored in the RSA enVision IPDB, the packaging of data "nuggets" includes which of the following three processes? (Choose three)
A. Indexing
B. Collecting
C. Encrypting
D. Replication
E. Scheduling
F. Compressing
Answer: A, C, F

Question: 60
Which of the following is a true statement about devices displayed in the Event Explorer's device tree? (Check the one best answer.)
A. Devices are added individually to a user's view by an administrator
B. The device tree shows certain message types that a user has permission to see
C. Devices the user has permission to see within enVision will be shown in a device tree
D. All devices are shown in a device tree but only those the user has permission to see are active
Answer: C

Question: 61
Generally speaking, what task listed below must be completed before a device is recognized by RSA enVision? (Check the one best answer.)
A. Agent software is installed on the source device
B. A direct crossover cable is connected to the enVision appliance
C. Device is configured to ensure event data is available to enVision
D. System clocks are synchronized to match the enVision timestamp
Answer: C

Question: 62
The three functional units of RSA enVision include which of the following? (Check three answers.)
A. Application and analysis
B. Alerts and analysis
C. Collection
D. Universal device support
E. Database management
Answer: A, C, E

Question: 63
What happens when a Managed Device is disabled on the Manage Device Types screen? (Check the one best answer.)
A. It will be re-enabled when a new administrative session begins
B. It will be re-enabled when a new event is received from that device
C. It will not be displayed in the user interface or in the Reports module menu tree
D. It must be re-installed before new data can be collected from that device
Answer: C

Question: 64
Which of the following is the best architecture solution for a company distributed over a wide geographic area? (Check the one best answer.)
A. Multiple single-appliance sites installed at each customer location
B. One master site and Local Collectors distributed to each collection point
C. One master site and Remote Collectors distributed to each collection point
D. Depends on the customer need to gather, analyze and report data at their various locations
Answer: D

Question: 65
How many users who are part of the administrators group can be SIMULTANEOUSLY logged into the enVision Administrative Console? (Check the one best answer.)
A. Up to the number specified by the enVision license.
B. There is no limit to the number of administrators that can log in at one time.
C. Up to 10 regardless of a single or multiple/distributed appliance architecture.
D. Up to 10 if using a single appliance system; up to 50 if using distributed appliances.
Answer: A

Question: 66
What is the purpose of the RSA enVision application and analysis function? (Check the one best answer.)
A. Raw log data collection, compression, and storage
B. Analyze real-time and historical data
C. A client server application that must be installed on a client machine
D. Interact with and use collected information for security and compliance related tasks
E. Manage access and retrieval of captured events
Answer: D

Question: 67
When installing the Event Explorer client system it is important to use which of the following? (Check the one best answer.)
A. A different computer than is used to access the enVision administrative GUI
B. A computer that has at least two network cards (NICs) to provide read/write access
C. A subnet mask that will allow direct connections to Remote Collector (RC) systems
D. A Windows account that has sufficient permissions to perform a software installation
Answer: D

Question: 68
In an RSA enVision system what is a "NIC Domain"? (Check the one best answer.)
A. One or more enVision Sites working together
B. The set of enVision servers serving as a Master site
C. The set of all Collectors (local and remote) within one Windows domain
D. All network information events collected from one single Windows domain
Answer: A

Question: 69
Which two (2) log data collection methods listed below do NOT require the configuration of a service before RSA enVision can recognize a device using that collection method? (Check two answers.)
A. Syslog
B. ODBC
C. SNMP
D. Log file FTP
E. Checkpoint LEA API
Answer: A, C

Question: 70
In RSA enVision, a "supported device" is best described by which of these statements? (Check the one best answer.)
A. A device that enVision can contact without a LAN connection
B. A device that can trigger an enVision alert with no further configuration
C. A device that will initially appear in the enVision Event Viewer as "unknown"
D. A device that does not need the development of a UDS utility for enVision to recognize the device and parse its event log data
Answer: D

Question: 71
From the perspective of compliance requirements, what is the one most important aspect of the RSA enVision product? (Check the one best answer.)
A. Data is collected without pre-filtering
B. Data collected is compressed for efficient storage
C. Any enVision user has access to all stored data for auditing
D. Alerts can be configured to automatically notify regulatory agencies
Answer: A

Question: 72
Unsupported devices will not be recognized by RSA enVision until what two tasks are performed? (Check the two best answers.)
A. Log messages from unsupported devices can never be recognized by RSA enVision
B. A custom UDS utility is developed to interpret log messages the device generates
C. RSA decides to make it a supported device
D. The device is configured and if necessary the appropriate service is installed
E. The original log is packaged, compressed, and stored in the IPDB database
Answer: B, D

Question: 73
The enVision NIC Logger service sends data directly to which of the following? (Check the one best answer.)
A. NIC Packager
B. NIC Collector
C. IPDB database
D. NIC Webserver
Answer: B

Question: 74
RSA enVision can recognize which of the following categories of devices? (Check three answers.)
A. RSA enVision supported devices that do not require a service
B. RSA enVision supported devices with the appropriate required service
C. RSA enVision UN-supported devices that exist on a company's network
D. RSA enVision UN-supported devices utilizing XML files written with the UDS utility
E. RSA enVision supported devices not on a company's network
Answer: A, B, D

Question: 75
If an RSA enVision system utilizes an "Authentication Server", what function does this server perform? (Check the one best answer.)
A. It verifies device authenticity for the NIC Logger service.
B. It can be used as an external source for user authentication.
C. It monitors the "serviceuser" account for service permissions.
D. It is an internal user authentication mechanism within the NIC Server service.
Answer: B

Question: 76
Assuming that a <device>msg.xml file exists for a device and a collected log message is found in the <device>msg.xml, which of the following statements are true? (Check the two correct answers.)
A. The message can be parsed to the appropriate enVision database table
B. The LEA client service must be installed
C. The device probably produces logs in the Unix syslog or SNMP format
D. The device is a supported device
E. The ODBC standard database access method is being used
Answer: A, D

Question: 77
What type of log information travels directly from the Collector to the Alerter without passing through the enVision IPDB? (Check the one best answer.)
A. None. All data flows through the IPDB.
B. Only events flagged with a "Critical Alert" status.
C. Events where the device sends log data as pre-packaged "nuggets".
D. Events from devices that are configured with Alerter as their syslog.
Answer: A

Question: 78
What is the origin of the specific event messages that are recorded in the log file of an enVision supported device? (Check the one best answer.)
A. Messages are defined by the device manufacturer/vendor
B. The enVision Event Viewer defines each event message as they are collected
C. The enVision NIC Logger Service defines each event message as they are logged for the first time
D. The severity level associated with the device and the event determine the event message
E. From a regulated industry standard list of event messages
Answer: A

Question: 79
Which of the following statements about the RSA enVision LS Series are true statements? (Check the two correct statements.)
A. RSA enVision LS Series is designed to work in a distributed installation
B. RSA enVision LS Series application, collector, and database functions each reside in a separate appliance
C. RSA enVision LS Series is designed to work in a stand-alone or non-distributed mode
D. RSA enVision LS Series is available with local storage but not external storage
E. A single RSA enVision LS Series appliance is considered to be a single site
Answer: A, B

Question: 80
The RSA enVision Event Viewer displays information from what source? (Check the one best answer.)
A. NIC Packager "nuggets"
B. NIC RDB relational database
C. Report RDB relational database
D. Internet Protocol Database (IPDB)
Answer: D

Question: 81
Which RSA enVision functional component contains the database holding the index and metadata associated with the compressed original logs? (Check the one best answer.)
A. Collection
B. Database management
C. Application and analysis
D. Alerts and analysis
E. UDS
Answer: B

Question: 82
What functions are performed by an RSA enVision Remote Collector device? (Check two answers.)
A. Allows real time alerts and correlated alert functions
B. Produces compliance data reports in remote locations
C. Allows administrator access through a remote GUI console
D. Provides data storage and forwarding to a Database Server
E. Creates log data and forwards it to a Local Collector
Answer: A, D

Question: 83
Which of the following statements is the best definition for Event Explorer? (Check the one best answer.)
A. Is RSA enVision's Task Triage product
B. Contains all of the collected and parsed log messages from the IPDB
C. A client-server application which is an advanced analysis tool for examining real-time and historical data.
D. The only tool that can be used to examine log data collected by RSA enVision and stored in the IPDB
E. Can operate on any client system operating system
Answer: C

Question: 84
When using the Manage Users function to create a new RSA enVision user account, how many new accounts can be created? (Check the one best answer.)
A. Up to the number specified by the enVision license.
B. There is no limit to the number of accounts that can be created.
C. Up to 10 administrator accounts and up to 50 non-administrator accounts.
D. Up to 50 accounts can be created in any combination of administrator and non-administrator.
Answer: B

Question: 85
Which of the RSA enVision functional components best provides the capability to view and use the collected log data? (Check the one best answer.)
A. Alert and analysis
B. Database management
C. Application and analysis
D. Collection
E. Reporting engine
Answer: C

Question: 86
The Enterprise Dashboard can support which of the following file formats? (Check three answers.)
A. .JPG (JPEG)
B. .BMP (Bitmap)
C. .MSP (Microsoft Paint)
D. .TIF (Tagged Image File)
E. .EPS (Encapsulated PostScript)
F. .GIF (Graphics Interchange Format)
Answer: A, B, F

Question: 87
In the RSA enVision system, Message Variables define what type of data? (Check the one best answer.)
A. Data extracted from message payloads
B. Data used to identify unknown device types
C. Data trying to obscure the original source IP address
D. Data used to encrypt log traffic from secure web servers
Answer: A

Question: 88
The RSA enVision user interface consists of what four (4) modules? (Check four answers.)
A. Collection module
B. Overview module
C. Alerts Module
D. Applications Module
E. Database management module
F. Analysis Module
G. Reports Module
Answer: B, C, F, G

Question: 89
True or False: According to PCI Auditors, inadequate logging is one of the top three areas of failure for the Payment Card Industry (PCI) Data Security Standard (DSS).
A. True
B. False
Answer: A

Question: 90
In the enVision data flow, which of the following sequences represents the correct series of events? (Check the one best answer.)
A. Data collection, data reporting, nugget creation, IPDB storage, data packaging
B. Data collection, IPDB storage, nugget creation, data packaging, data reporting
C. Data collection, nugget creation, data packaging, IPDB storage, event reporting
D. Data collection, data packaging, IPDB storage, nugget creation, event reporting
Answer: C

Question: 91
What determines the severity level of an Alert Category? (Check the one best answer.)
A. The threshold level of the Trend parameter.
B. The greatest deviation from the baseline value.
C. The level of output actions specified for an alert.
D. The number of times a specific alert is repeated in a specified time period.
Answer: B

Question: 92
For the functions of collecting, storing, and managing event log data, RSA enVision utilizes what kind of database architecture? (Check the one best answer.)
A. Internet protocol database
B. Relational database
C. Both
D. RSA enVision does not use a database architecture
Answer: A

Question: 93
True or False: A "log" is a record of an event or activity occurring within an organization's systems or networks.
A. True
B. False
Answer: A

Question: 94
A single RSA enVision Site can NOT contain more than one of which of the following components? (Check the one best answer.)
A. Local Collector (LC)
B. Remote Collector (RC)
C. Database Server (D-SRV)
D. Application Server (A-SRV)
Answer: C

Question: 95
True or False: The set of enVision services is the same for both single unit appliances and multiple unit appliances.
A. True
B. False
Answer: B

Question: 96
Which of the following describes the timestamp that is shown in the Event Viewer Date/Time field? (Check the one best answer.)
A. The timestamp is from the source device for that event.
B. The timestamp is from the enVision collector that is appended to the event.
C. The timestamp indicates the time the event was first viewed in Event Viewer.
D. The timestamp indicates the elapsed time between event origination and capture.
Answer: B

Question: 97
What should you reference to determine if RSA enVision's standard reports comply with the Sarbanes-Oxley (SOX) or the BASEL II standards? (Check the one best answer.)
A. Sarbanes-Oxley and BASEL II web sites which list compliance reports available from enVision
B. The enVision administrative interface which by default includes both SOX and BASEL II reports
C. The Best Practices tool section of the Overview Tab which provides an overview with links to compliance related documents
D. The Compliance Report Filter (CRF) which can be downloaded from the RSA enVision Support web site to print all compliance reports
Answer: C

Please also read up on the EMC storage supplied, DAS, the LEDs and so on.