RSA NetWitness Platform Administrator Exam Guide

Document created by Megan Henderson on Apr 17, 2019. Last modified by Joseph Cantor on Nov 11, 2019. Version 2.

Introduction
The RSA NetWitness Platform Administrator examination is based on the critical job functions that an individual would typically be expected to perform with competence when administering the RSA NetWitness Platform product.

 

An RSA NetWitness Platform Administrator is a person who has an IT administrator, IS Analyst, or Security Operations role within an organization.

 

The major job functions expected of an RSA NetWitness Platform Administrator fall into three areas of job role responsibility:

  • General awareness of the functions and capabilities of the product
  • Configuration and management of the product
  • Monitoring and troubleshooting product operation

 

Candidate Background and Experience
An RSA NetWitness Platform Administrator candidate should have a minimum of two years of experience in one or more of the following technical areas and understand how these technologies relate to and integrate with the RSA NetWitness Platform product. Elements of the Administrator exam touch upon these areas:

  • Previous experience in computer and network operations, information security, operating systems, and system administration.
  • Familiarity with most basic system administration tools and processes.
  • Experience in user management, managing reports, and security-related tasks.
  • Web and Application Servers and Browsers.
  • Troubleshooting and problem determination skills.

 

Examination Domains:

The RSA NetWitness Platform Administrator exam is comprised of five major Domains (subject areas). Each Domain is represented by a series of questions designed to evaluate competence and knowledge of elements relating to that domain. The following table describes the proportion of the examination that relates to each domain.

 

 

Domain                     % of Examination
1.0: Architecture          25%
2.0: Configuration         25%
3.0: Investigation         25%
4.0: Reporting Engine      15%
5.0: User Management       10%
Total                      100%

 

Domain 1.0: Architecture
The RSA NetWitness Platform Administrator must have a fundamental knowledge of key features and benefits of the RSA NetWitness Platform product. The RSA NetWitness Platform Administrator is expected to be able to identify the functions that highlight the product features and capabilities within an RSA NetWitness Platform environment and understand how the product can be used to identify security concerns.

 

Content Areas

  • Components
    - Hosts
    - REST API
    - User interface
  • Data collection
    - Packet capture
    - Meta creation

 

Domain 2.0: Configuration

The RSA NetWitness Platform Administrator must have a fundamental knowledge of how to configure key components of the RSA NetWitness Platform product and how to effect system changes to help gather data and provide consolidated metadata for analysis.

 

Content Areas

  • Configure Components
    - Device configuration
    - Reset password
    - Create groups
    - Configure health and wellness
    - Configure log collection
  • Configure External Authentication
    - Configure SecurID

 

 

Domain 3.0: Investigation
The RSA NetWitness Platform Administrator must have a fundamental knowledge of key investigation features in the RSA NetWitness Platform product in order to assure proper functioning of the Investigate module.

 

Content Areas

  • Rules
    - Application rules
    - Network rules
    - Correlation rules
  • Live
    - Feeds
    - Packages
  • Investigate UI
    - Views
    - Queries
    - Meta groups
    - Context hub

 

Domain 4.0: User Management
The RSA NetWitness Platform Administrator must have a fundamental knowledge of how to manage users. The RSA NetWitness Platform Administrator is expected to be able to create and maintain users.

 

Content Areas

  • Trust model

 

Domain 5.0: Reporting Engine
The RSA NetWitness Platform Administrator must have a fundamental knowledge of Reporting Engine configuration and operation.

 

Content Areas

  • Reporting Engine components
    - Charts
    - Rules
    - Databases
    - Output actions
    - Lists
  • Reporting Engine configuration
    - Output actions
    - Notifications
    - Data sources

 

Examination Preparation

 

Product Training
Although RSA NetWitness Platform product training is not a strict requirement in preparation for the exam, it is highly recommended.

Analysis of test results of RSA Certification exams indicates that a majority of candidates who attend training prior to testing are more likely to successfully pass the exam on their first attempt.

 

For full and detailed descriptions of RSA NetWitness Platform course offerings, visit: https://community.rsa.com/community/training/netwitness

 

Product Experience
Many of the areas addressed by the RSA NetWitness Platform Administrator exam will be familiar to the candidate who has worked with the RSA NetWitness Platform product.

 

The RSA NetWitness Platform Administration exam content areas cover a wide range of solution functions because an administrator also customizes and optimizes the interface, and contributes to the day-to-day operation of an RSA NetWitness Platform implementation.

 

Examination Details

 

Testing Centers, Locations, and Registration

 

The examination is administered by the Pearson VUE organization – an internationally known examination provider. Examination centers are located worldwide. Visit the Pearson VUE web site (www.pearsonvue.com/rsa/) and use the Test Center Locator to find a testing facility convenient to you.

 

You may also use the Pearson VUE site to create a personal login account and register for an exam. The RSA NetWitness Platform Administrator exam code is 050-11-CARSANWLN01.

 

Exam Questions

 

The RSA NetWitness Platform Administrator exam consists of 70 questions to be completed in 85 minutes. The exam consists of multiple-choice, multiple-response, or true/false type questions. The exam is computer-based and closed book – you may not utilize any printed material, personal computers, calculators, cell phones, etc. during the test.

 

The minimum passing score is 70%. Test results are calculated automatically at the conclusion of the test and testing center personnel can often provide you with an authorized copy of your results before you leave the testing center.

 

Exam Costs
The fee for taking the exam is US$ 150.00.

 

Language Availability
The RSA NetWitness Platform Administrator exam is available in North American English.

 

What to expect at the Testing Center

You must present two forms of identification, one of which is a photo identification.

 

You will be required to electronically accept the terms of an RSA Certification Program Non-Disclosure Agreement before beginning the examination. You are given an additional 5 minutes above and beyond the examination time to read this agreement before accepting.

 

Re-taking the Exam
There is no limit on the number of times that you can re-take the certification exam. However, to maintain integrity and confidentiality of the test items, 14 days is the required elapsed time before retaking the test a third time. Please note that you must pay the full exam fee each time that you retake the
