Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
RSA® Certification Program
The RSA Proven Professional Certification Program offers technology professionals the knowledge, skills and credentials necessary to become a trusted adviser in deploying and maintaining RSA security system platforms.
Introduction This examination is based on the critical job functions typically expected by those providing security analyst services with RSA NetWitness Endpoint.
An RSA NetWitness Endpoint Analyst typically works in professional services, incident response, or another security implementation role within RSA, within an RSA Partner organization, or within an organization using RSA NetWitness Endpoint.
The expertise expected of an RSA NetWitness Endpoint security analyst includes in-depth knowledge in these areas:
The characteristics and behavior of malicious software and related intrusion tactics
The RSA NetWitness Endpoint technology and related technologies
Ability to perform basic module analysis and event timeline reconstruction
Candidate Background and Experience
An RSA NetWitness Endpoint Analysis candidate should have a minimum of two years of professional experience in one or more of the following technical areas and understand how these technologies relate to the RSA NetWitness Endpoint product:
IT admin-level knowledge of relevant operating systems - Windows and Active Directory - macOS - Linux
The RSA NetWitness Endpoint Analysis examination is comprised of three major Domains (subject areas). Each Domain is represented by a number of questions designed to evaluate competence and knowledge relating to that domain. The following table approximates the importance of each domain in the exam:
% of Examination
1.0: RSA NetWitness Endpoint User Interface
2.0: RSA NetWitness Endpoint Architecture
3.0: RSA NetWitness Endpoint Analysis Basics
Domain 1.0: RSA NetWitness Endpoint User Interface The RSA NetWitness Endpoint security analyst must have a comprehensive knowledge of the product’s default interface, the methods available for customizing the interface, and familiarity with features visible by default and available in the various areas of the User Interface.
Machines View - Interpret status, threat indicator, and properties fields - Optional fields of content hidden by default
Modules View - Filtering, threat indicator, and properties fields - Optional fields of content hidden by default
Other interface areas - Main Menu: Dashboard, InstantIOCs, IP List, Downloads, Events - Other options: Operating System tabs, Restore Layout, Refresh
Domain 2.0: RSA NetWitness Endpoint Architecture The RSA NetWitness Endpoint security analyst must have a comprehensive knowledge of the RSA NetWitness Endpoint product, component architecture, requirements, and typical configuration options.
ConsoleServer and SQL database
Agent and Agent Packager
Remote Agent Relay functionality
Domain 3.0: RSA NetWitness Endpoint Analysis Basics RSA NetWitness Endpoint security analysts must display the ability to perform basic threat analysis using the tool.
Module analysis - Process for baselining, whitelisting, and blacklisting - IIOCs for malicious module characteristics and behaviors - Criteria for blacklisting and 3rd party sources of contextual information
Machine and Event analysis - IIOCs for machine and threat prioritization - Link modules to events via network and behavior tracking to perform timeline reconstruction
Product Training Although RSA NetWitness Endpoint product training is not a strict requirement in preparation for the RSA NetWitness Analysis Examination, it is highly recommended. Analysis of test results of RSA Certification exams indicates that a majority of candidates who attend training prior to testing are more likely to successfully pass the exam on their first attempt.
Product Experience Many of the areas addressed by the RSA NetWitness Endpoint Analysis exam will be familiar to the candidate who has worked with the RSA NetWitness Endpoint product.
The RSA NetWitness Endpoint Analysis exam content areas cover a wide range of solution functions because a security analysts should expect to not only analyze potential threats, but also customize and optimize the interface, research threats outside the RSA tool, work closely with and educate system administrators and other personnel, and contribute to the day-to-day operation of an RSA NetWitness Endpoint implementation.
Testing Centers, Locations, and Registration
The RSA NetWitness Endpoint Analysis examination is administered by the Pearson VUE organization – an internationally known examination provider. Examination centers are located worldwide. Visit the Pearson VUE website (http://pearsonvue.com/rsa/) and use the Test Center Locator to find a testing facility convenient to you.
You may also use the Pearson VUE site to create a personal login account and register for an exam. The RSA NetWitness Endpoint Analysis exam code is 050-43-NWE-ANALYST01.
The RSA NetWitness Endpoint Analysis exam consists of 70 questions to be completed in 85 minutes. The exam consists of multiple-choice and multiple-response type questions. The exam is computer-based and closed book– you may not utilize any printed material, personal computers, calculators, cell phones, etc. during the test. The minimum passing score is 70%. Test results are calculated automatically at the conclusion of the test and testing center personnel can often provide you with an authorized copy of your results before you leave the testing center.
Exam Costs The fee for taking the exam is US$ 150.00.
The RSA NetWitness Endpoint Analysis exam is available in North American English.
What to expect at the Testing Center
You must present two forms of identification; one of which is a photo identification.
You will be required to electronically accept the terms of an RSA Certification Program Non-Disclosure Agreement before beginning the examination. You are given an additional 5 minutes above and beyond the examination time to read this agreement before accepting.
Re-taking the Exam There is no limit on the number of times that you can re-take the certification exam. However, to maintain integrity and confidentiality of the test items, 14 days is the required elapsed time before retaking the test a third time. Please note that you must pay the full exam fee each time that you retake the