Pass4sure 642-544 MARS

Filed Under (Cisco) by Best PassGuide Certification PDF Dumps on 26-09-2008

Implementing Cisco Security Monitoring, Analysis and Response System

Exam Number: 642-544
Associated Certifications: Implementing Cisco Security Monitoring, Analysis and Response System
Duration: 60 minutes (40-50 Questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description
The 642-544 MARS Implementing Cisco Security Monitoring, Analysis and Response System exam is associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the Implementing Cisco Security Monitoring, Analysis and Response System course. This exam tests a candidate’s knowledge of the Cisco Security Monitoring, Analysis and Response System.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Install and configure the Cisco Security MARS product
Identify the components, features and functions of the Cisco Security MARS product
Describe the process of installing the Cisco Security MARS appliance
Add Cisco reporting devices into the Cisco Security MARS appliance
Add non-Cisco reporting devices into the Cisco Security MARS appliance
Investigate events that the Cisco Security MARS appliance collects from configured security devices
Configure the Cisco Security MARS appliance to send alerts
Create and view a long-duration query on the Cisco Security MARS appliance
Configure rules to detect interesting patterns of network activity and other anomalous network behavior
Use the management features in the Cisco Security MARS appliance to assign event, addressing, service, and user information
Configure the Cisco Security MARS appliance hardware maintenance activities
Utilize the Global Controller to manage multiple Cisco Security MARS appliances

Question: 1
The definitions on the left to the appropriate terms on the right

Answer:

Question: 2
What will happen if you try to run a Cisco Security MARS query that will take a long time to complete?

A. After submitting the query, the Cisco Security MARS GUI screen will be locked up until the query is completed.
B. The query will be automatically saved as a rule.
C. The query will be automatically saved as a report.
D. You will be prompted to “Submit Batch” to run the query in batch mode.

Exam Name: Implementing Cisco Security Monitoring, Analysis and Response
Exam Type: CISCO
Exam Code: 642-544 Total Questions: 39

Answer: D

Question: 3
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?

A. NFS
B. TFTP
C. FTP
D. Secure FTP
E. SSH

Answer: A

Question: 4
What is a benefit of using the dollar variable (as in $TARGET01) when creating queries in Cisco Security MARS?

A. The dollar variable enables multiple queries to reference the same common 5-tuple information using a variable.
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C. The dollar variable allows matching of any unknown reporting device.
D. The dollar variable allows matching of any event type groups.
E. The dollar variable enables the same query to be applied to different reports.
F. The dollar variable enables the same query to be applied to different cases.

Answer: B

Question: 5
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?

A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
B. use the Cisco Security MARS CLI to add a static route
C. use the Cisco Security MARS GUI to configure multiple default gateways
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways

Answer: B

Question: 6
What are three ways to add devices to the Cisco Security MARS appliance? (Choose three.)

A. import the devices from CiscoWorks
B. import the devices from Cisco Security Manager
C. load the devices from seed files
D. use SNMP auto discovery
E. use CDP to automatically discover the neighboring devices
F. manually add the devices, one at a time

Answer: C, D, F

Question: 7
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?

A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page

Answer: Pending

Question: 8
Which three statements are true about Cisco Security MARS rules? (Choose three.)

A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.

Answer: B

Question: 9
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)

A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)

Answer: A, D, F

Question: 10
To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?

A. pnLog agent
B. Cisco Security MARS agent
C. SNARE
D. None. Cisco Security MARS is an agentless device.

Answer: B, D

Question: 11
What three data points are used to correlate reports in the Cisco Security MARS? (Choose three.)

A. Maximum Rank Returned
B. Query Criterion
C. View Type
D. Order/Rank By
E. Incident Type
F. Period of Time

Answer: C

Question: 12
The Service variables defined are used for what purpose?

A. for Event Groups creation
B. for Query/Reports and Rules creation
C. for IP Management Groups creation
D. for NetFlow Events Management
E. for Data Reduction

Answer: B, C

Question: 13
Refer to the Cisco Security MARS Event Management partial screen shown above.

Free 642-544 Exams’s PDF Download
Free Testking offers a free demo for the 642-544 PDF (Implementing Cisco Security Monitoring, Analysis and Response System). You can check out the interface, question quality and usability of our practice exams. We are the only site that can offer a demo for almost all Implementing Cisco Security Monitoring, Analysis and Response System.

Recommended Training about 642-544 exam PDF
The following courses are the recommended training for 642-544 exam PDF.
642-544 Q & A with Explanations
642-544 Audio Exam
642-544 Study Guide
642-544 Preparation Lab

Exam Number/Code: 642-544
Exam Name: Implementing Cisco Security Monitoring, Analysis and Response System

“Implementing Cisco Security Monitoring, Analysis and Response System”, also known as 642-544 exam, is a Cisco certification.
Preparing for the 642-544 exam? Searching 642-544 Test Questions, 642-544 Practice Exam, 642-544 Dumps?

Pass4sure has assembled a complete collection of questions and answers to take you through 49 Q&As for your 642-544 exam preparation. In the 642-544 exam resources, you will cover every field and category in Others, helping to ready you for your successful Cisco Certification.

Questions and Answers : 49 Q&As
Updated: May 3rd, 2008
Market Price: $125.99
Member Price: $99.99

Pass4sure 642-544 MARS
Interactive Testing Engine Included!
46 Questions
Updated : 09/18/2008
Price : $87.99 $79.99
