Questions from the RSA Security 050-V336-ENVCSE01 Exam
- If a firewall or NAT device needs to be configured for syslog traffic to reach the NIC Collector Service, which default port and protocol are used by that service?
A. Port 514 using TCP
B. Port 514 using UDP
C. Port 8080 using TCP
D. Port 8080 using UDP
Answer: B
- When setting up a Check Point firewall device, it is a good practice to first
A. stop and restart the Check Point Firewall Service
B. stop and restart the enVision NIC Collector Service
C. verify that the Check Point Log Viewer is receiving events
D. set an 8-character key to establish an authenticated connection
Answer: C
- The RSA enVision Event Viewer gets the results it displays from
A. NIC Packager "nuggets"
B. the NIC RDB relational database
C. the Report RDB relational database
D. the IPDB Internet Protocol Database
Answer: D
- To remove a UDS device from an RSA enVision system, you must delete the device from the list of monitored devices and
A. delete the device folder from the \enVices directory
B. use the "uds-remove " command in a command prompt window
C. use the "lsdata-remove " command in a command prompt window
D. disconnect the device from the network and enVision will complete the removal automatically
Answer: A
- The UDS development process involves (Choose three)
A. verifying XML syntax and parsing
B. obtaining logs from a device in syslog format
C. using XML to convert device logs to IPDB format
D. mapping a device name to an existing enVision device
E. deleting undesired device messages in the UDS GUI console
F. creating an XML file to define header and message information
Answer: A,B,F
- In an RSA enVision system a "NIC Domain" refers to
A. one or more enVision Sites working together
B. the set of enVision servers serving as a Master site
C. the set of all Collectors (local and remote) within one Windows domain
D. all network information events collected from one single Windows domain
Answer: A
- If a Managed Device is disabled, it will
A. be re-enabled when a new administrative session begins
B. be re-enabled when a new event is received from that device
C. not be displayed in the user interface or Reports module menu tree
D. require re-installation before new data can be collected from that device
Answer: C
- The primary difference between the LC5 and LC10 local collector units is
A. the base storage capacity
B. the Events Per Second (EPS) capability
C. the physical size and weight of the units
D. the type of Database Server to which they may be attached
Answer: B
- If an event source device type is not immediately recognized by RSA enVision
A. it will be defined as "unknown" and enVision will collect data from it
B. data from that device will be discarded until the device type can be defined
C. an alert is generated by default to call an administrator's attention to the device
D. the UDS Service will create a parsing XML file for the device and place data in the NIC Parse Cache
Answer: A
- A customer who is interested in monitoring in real-time a number of alerts, trends, and network performance data would be particularly interested in which RSA enVision feature?
A. Event Explorer
B. SQL Query function
C. Compliance policies
D. Enterprise Dashboard
Answer: D
- What happens if an event source device type is not immediately recognized by RSA enVision? (Check the one best answer.)
A. It will be defined as "unknown" and for a limited time enVision will collect event data it generates
B. Data from that device will be discarded until the device type can be defined
C. An alert is generated by default to call an administrator's attention to the device
D. The UDS Service will create a parsing XML file for the device and place data in the NIC Parse Cache
Answer: A
- How many Remote Collectors (RC) can each Database Server (D-SRV) support? (Check the one best answer.)
A. Eight (8)
B. Ten (10)
C. Sixteen (16)
D. Thirty two (32)
Answer: C
- After creating a customized Report Menu system, which RSA enVision service(s) need to be re-started?
A. Only the NIC Webserver Service
B. The NIC Webserver and NIC Server Services
C. The NIC Webserver, NIC Server and NIC Locator Services
D. The NIC Webserver, NIC Server, NIC Locator, and NIC Packager Services
Answer: A
- When opening a connection in Event Explorer, you can define which of the following features?
(Check the three correct answers.)
A. Devices
B. Event categories
C. Log messages
D. Time frame
E. Local collector
Answer: A, B, D
- In the RSA enVision UDS process, what is the purpose of performing Data Reduction steps?
(Check the one best answer.)
A. Improve speed and efficiency of data processing
B. Compress unsupported device data prior to storage
C. Apply ISO-approved abbreviations to message text strings
D. Decrease the rate that unsupported device data is collected
Answer: A
- If a customer has a specific syslog that they would like to use as part of a demonstration, you can load it into enVision for reporting and querying using which of the following? (Check the one best answer.)
A. The lsdata utility to import the syslog file
B. Copying the syslog file into the IPDB data directory
C. Using the Data Injector utility to collect data from the syslog file
D. Using the Custom Reports > View External Data function of the administrative GUI
Answer: C
- When planning an RSA enVision installation, which statements below about the Site Name are important considerations? (Check two answers.)
A. The Site Name must match an enVision domain name
B. The Site Name must be unique within an enVision domain and cannot be the same as the customer's NetBIOS domain name
C. The Site Name must not contain any numeric or punctuation characters
D. The Site Name must have the same suffix as the Windows domain in which it resides
E. The Site Name must not match the name of any existing Windows domain in the network
Answer: B, E
- Why would the checkbox of a device type be grayed out on the Manage Device Types screen?
(Check the one best answer.)
A. It's not licensed
B. Device is unknown but data can be collected
C. Device is known but not compatible with enVision
D. Device is associated with a monitored device within the NIC domain
Answer: D
- True or false. If a conflict exists with the default enVision collection port after appliance installation, the Collector Service can be modified to configure event collection on a different port.
A. True
B. False
Answer: A
- When initially setting up a multiple appliance site, only the D-SRV unit is connected to a LAN; all of the other units in the site then connect directly to the D-SRV.
A. True
B. False
Answer: B
- What does RSA enVision do when it is set to auto-discover new devices? (Check the one best answer.)
A. Adds new supported devices automatically to the list of monitored devices in the Manage Monitored Devices screen
B. Temporarily holds in the "New Device" cache and begins to collect data after it is approved by an administrator
C. RSA enVision alerts members of the "administrators" group to add a new device to the list of monitored devices
D. RSA enVision automatically exports device attributes to an XML file for an administrator to review
Answer: A
- When would you expect a difference between the log information captured by RSA enVision and the log information generated by a device? (Check the one best answer.)
A. When the source IP address of the device is unknown to enVision.
B. When the device is configured to send only certain events to syslog.
C. When "Collect All Logs" is left unchecked in the Manage Devices screen.
D. When the device is a known device and enVision recognizes the events to be non-critical.
Answer: B
- What are three steps that are part of the device interpretation process using UDS? (Check the three best answers.)
A. Configure devices to send log data to RSA enVision
B. Device identification (i.e. vendor, device name, class, sub-class, etc.)
C. Identification of device collection method
D. Message definition
E. List of known vulnerabilities
F. Data parsing
Answer: B, D, F
- Which RSA enVision module is used to configure the enVision system as well as to monitor its health and performance? (Check the one best answer.)
A. Overview module
B. Alerts Module
C. Analysis Module
D. Reports Module
Answer: A
- The UDS development process involves which of the following tasks? (Check two answers.)
A. Verifying XML syntax and parsing
B. Using XML to convert device logs to IPDB format
C. Mapping a device name to an existing enVision device
D. Creating an XML file to define header and message information
Answer: A, D
- In general, RSA enVision's security information and event management functions include
which of the following? (Choose two)
A. Storage of log data.
B. Collection of log data.
C. Distribution of log data.
D. Filtering of regulatory log data.
E. Selective rule-based log deletion.
Answer: A,B
- Assuming that a <device>msg.xml file exists for a device and a collected log message has a match in the <device>msg.xml, which of the following statements are true? (Choose two)
A. The device is a supported device.
B. The LEA client service must be installed.
C. The ODBC standard database access method is being used.
D. The message can be parsed to the appropriate enVision database table.
E. The device is probably producing logs in the Unix syslog or SNMP format.
Answer: A,D
- Which of the following describes the timestamp that is shown in the Event Viewer Date/Time field?
A. The timestamp is from the source device for that event.
B. The timestamp is from the enVision collector that is prepended to the event.
C. The timestamp indicates the time the event was first viewed in Event Viewer.
D. The timestamp indicates the elapsed time between event origination and capture.
Answer: B
- Which of the log data collection methods listed below do NOT require the configuration of a service before RSA enVision can recognize a device using that collection method? (Choose two)
A. Syslog
B. ODBC
C. SNMP
D. Log file FTP
E. Check Point LEA API
Answer: A,C
- What is the primary difference between the LC5 and LC10 local collector units?
A. Base storage capacity.
B. Events Per Second (EPS) capability.
C. Physical size and weight of the units.
D. Type of Database Server to which they may be attached.
Answer: B
- Within the RSA enVision console, what should you reference to determine if enVision's standard reports pertain to the Sarbanes-Oxley (SOX) or the BASEL II standards?
A. The VAM assessment control panel under the 'Compliance >> Standards' tab.
B. The enVision administrative interface which, by default, includes both SOX and BASEL II reports.
C. The Best Practices tool section of the 'Overview' tab which provides an overview with links to...
D. The Compliance Report Filter (CRF) which can be downloaded from the RSA enVision Support...
Answer: C
- In RSA enVision architecture, what best defines an enVision "Domain"?
A. One or more Sites working together.
B. The set of servers that make up a Master site.
C. The set of Collectors (local and remote) within one Windows domain.
D. All network information events collected from a single Windows domain.
Answer: A
- When would you expect a difference between the log information captured by RSA enVision and the log information generated by a device? (Check the one best answer.)
A. When the source IP address of the device is unknown to enVision.
B. When the device is configured to send only certain events to syslog.
C. When "Collect All Logs" is left unchecked in the Manage Devices screen.
D. When the device is a known device and enVision recognizes the events to be non-critical.
Answer: B
- In RSA enVision UDS development, Value Maps, Regular Expressions, and Functions are types of which of the following? (Check the one best answer.)
A. Data Reduction
B. XML Parsing Rules
C. Conditional Variables
D. Summary Data Buckets
Answer: C
- Which RSA enVision module is used to configure the enVision system as well as to monitor its health and performance? (Check the one best answer.)
A. Overview module
B. Alerts Module
C. Analysis Module
D. Reports Module
Answer: A
- When creating a new enVision user account, which User Group is the account added to by default? (Check the one best answer.)
A. Report-users
B. Administrators
C. Temporary-users
D. All-applications-users
Answer: D
- What are three steps that are part of the device interpretation process using UDS? (Check the three best answers.)
A. Configure devices to send log data to RSA enVision
B. Device identification (i.e. vendor, device name, class, sub-class, etc.)
C. Identification of device collection method
D. Message definition
E. List of known vulnerabilities
F. Data parsing
Answer: B, D, F
- The administrator can use the RSA enVision's user authentication feature to complete what tasks? (Check two answers.)
A. Use an existing Microsoft Active Directory authentication server
B. Associate administrative users with an authentication server
C. Require enVision users to change passwords on a periodic basis
D. Enforce a pre-defined set of 'prohibited passwords' based on a dictionary file
E. Utilize existing domain authenticated user accounts as the basis for enVision user accounts
Answer: A, E
- What two tasks does UDS complete when the command "uds create" is executed to create a device? (Check the two best answers.)
A. Creates the files .ini, client.txt, vendor.txt and msg.xml
B. Immediately starts collecting data from the new device
C. Identifies all associated devices that have been configured
D. Creates all directory structures required for the device
E. Lists all devices to verify that the device does not already exist
Answer: A, D
- The UDS development process involves which of the following tasks? (Check two answers.)
A. Verifying XML syntax and parsing
B. Using XML to convert device logs to IPDB format
C. Mapping a device name to an existing enVision device
D. Creating an XML file to define header and message information
Answer: A, D
- What does RSA enVision do when it is set to auto-discover new devices? (Check the one best answer.)
A. Adds new supported devices automatically to the list of monitored devices in the Manage Monitored Devices screen
B. Temporarily holds in the "New Device" cache and begins to collect data after it is approved by an administrator
C. RSA enVision alerts members of the "administrators" group to add a new device to the list of monitored devices
D. RSA enVision automatically exports device attributes to an XML file for an administrator to review
Answer: A
-Regards,
Blackhattrick blog
(Googlethewebsite.blogspot.com/blackhattrick.blogspot.com)