The RSA NetWitness Logs & Network Administrator examination is based on the critical job functions that an individual would typically be expected to perform with competence when administering the RSA NetWitness Logs & Network product.
An RSA NetWitness Logs & Network Administrator is a person who has an IT administrator, IS Analyst, or Security Operations role within an organization.
The major job functions expected of an RSA NetWitness Logs & Network Administrator include three major areas of job role responsibility:
- General awareness of the functions and capabilities of the product
- Configuration and management of the product
- Monitoring and troubleshooting product operation
Candidate Background and Experience
An RSA NetWitness Logs & Network Administrator candidate should have a minimum of two years of experience in one or more of the following technical areas and understand how these technologies relate to and integrate with the RSA NetWitness Logs & Network product. Elements of the Administrator exam touch upon these areas:
- Previous experience in computer and network operations, information security, operating systems and system administration.
- Familiarity with most basic system administration tools and processes.
- Experience in user management, managing reports, and security-related tasks.
- Web and Application Servers and Browsers.
- Troubleshooting and problem determination skills.
The RSA NetWitness Logs & Network Administrator exam is comprised of five major Domains (subject areas). Each Domain is represented by a series of questions designed to evaluate competence and knowledge of elements relating to that domain. The following table describes the proportion of the examination that relates to each domain.
|Domain|% of Examination|
|4.0: Reporting Engine|15%|
|5.0: User Management|10%|
Domain 1.0: Architecture
The RSA NetWitness Logs & Network Administrator must have a fundamental knowledge of key features and benefits of the RSA NetWitness Logs & Network product. The RSA NetWitness Logs & Network Administrator is expected to be able to identify the functions that highlight the product features and capabilities within an RSA NetWitness Logs & Network environment and understand how the product can be used to identify security concerns.
- REST API
- User interface
- Data collection
- Packet capture
- Meta creation
Domain 2.0: Configuration
The RSA NetWitness Logs & Network Administrator must have a fundamental knowledge of how to configure key components of the RSA NetWitness Logs & Network product and how to effect system changes to help gather data and provide consolidated metadata for analysis.
- Configure Components
- Device configuration
- Reset password
- Create groups
- Configure health and wellness
- Configure log collection
- Configure External Authentication
- Configure SecurID
Domain 3.0: Investigation
The RSA NetWitness Logs & Network Administrator must have a fundamental knowledge of key investigation features in the RSA NetWitness Logs & Network product in order to ensure proper functioning of the Investigate module.
- Application rules
- Network rules
- Correlation rules
- Investigate UI
- Meta groups
- Context hub
Domain 4.0: User Management
The RSA NetWitness Logs & Network Administrator must have a fundamental knowledge of how to manage users. The RSA NetWitness Logs & Network Administrator is expected to be able to create and maintain users.
- Trust model
Domain 5.0: Reporting Engine
The RSA NetWitness Logs & Network Administrator must have a fundamental knowledge of Reporting Engine configuration and operation.
- Reporting Engine components
- Output actions
- Reporting Engine configuration
- Data sources
Although RSA NetWitness Logs & Network product training is not a strict requirement in preparation for the exam, it is highly recommended.
Analysis of test results of RSA Certification exams indicates that a majority of candidates who attend training prior to testing are more likely to successfully pass the exam on their first attempt.
For full and detailed descriptions of RSA NetWitness Logs & Network course offerings, visit: https://community.rsa.com/community/training/netwitness
Many of the areas addressed by the RSA NetWitness Logs & Network Administrator exam will be familiar to the candidate who has worked with the RSA NetWitness Logs & Network product.
The RSA NetWitness Logs & Network Administration exam content areas cover a wide range of solution functions because an administrator also customizes and optimizes the interface, and contributes to the day-to-day operation of an RSA NetWitness Logs & Network implementation.
Testing Centers, Locations, and Registration
The RSA Archer Administrator examination is administered by the Pearson VUE organization – an internationally known examination provider. Examination centers are located worldwide. Visit the Pearson VUE web site (www.pearsonvue.com/rsa/) and use the Test Center Locator to find a testing facility convenient to you.
You may also use the Pearson VUE site to create a personal login account and register for an exam. The RSA NetWitness Logs & Network Administrator exam code is 050-11-CARSANWLN01.
The RSA NetWitness Logs & Network Administrator exam consists of 70 questions to be completed in 85 minutes. The exam consists of multiple-choice, multiple-response, or true/false type questions. The exam is computer-based and closed book – you may not utilize any printed material, personal computers, calculators, cell phones, etc. during the test.
The minimum passing score is 70%. Test results are calculated automatically at the conclusion of the test and testing center personnel can often provide you with an authorized copy of your results before you leave the testing center.
The fee for taking the exam is US$ 150.00.
The RSA NetWitness Logs & Network Administrator exam is available in North American English.
What to expect at the Testing Center
You must present two forms of identification, one of which is a photo identification.
You will be required to electronically accept the terms of an RSA Certification Program Non-Disclosure Agreement before beginning the examination. You are given an additional 5 minutes above and beyond the examination time to read this agreement before accepting.
Re-taking the Exam
There is no limit on the number of times that you can re-take the certification exam. However, to maintain integrity and confidentiality of the test items, 14 days is the required elapsed time before retaking the test a third time. Please note that you must pay the full exam fee each time that you retake the