Actualtests 642-544
642-544: Implementing Cisco Security Monitoring, Analysis and Response System
Last Updated Tuesday, June 24, 2008 with 46 Questions
Implementing Cisco Security Monitoring, Analysis and Response System
Exam Number: 642-544 Exam
Associated Certifications: Implementing Cisco Security Monitoring, Analysis and Response System
Duration: 49 Q&As
Free 642-544 Exam PDF Download
Actualtests offers a free demo for the 642-544 PDF (Implementing Cisco Security Monitoring, Analysis and Response System). You can check out the interface, question quality and usability of our practice exams. We are the only site that can offer a demo for almost all Implementing Cisco Security Monitoring, Analysis and Response System.
Recommended Training about 642-544 exam PDF
The following courses are the recommended training for 642-544 exam PDF.
642-544 Q & A with Explanations
642-544 Audio Exam
642-544 Study Guide
642-544 Preparation Lab
642-544 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
642-544 Exam: Actualtests’s Implementing Cisco Security Monitoring, Analysis and Response System PDF
The Implementing Cisco Security Monitoring, Analysis and Response System PDF for preparing for the 642-544 exam - Actualtests’s Implementing Cisco Security Monitoring, Analysis and Response System. Actualtests is your premier source for practice tests and a true testing environment. Nothing will prepare you for your next exam like Actualtests. You find it all here at ciscoexams.org.
QUESTION 1
A Cisco Security MARS appliance cannot access certain devices through the default
gateway. Troubleshooting has determined that this is a Cisco Security MARS
configuration issue. Which additional Cisco Security MARS configuration will be
required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS CLI to add a static route
D. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
Answer: C
QUESTION 2
When adding a device to the Cisco Security MARS appliance, what is the reporting IP
Address of the device?
A. The source IP Address that sends syslog information to the Cisco Security MARS
appliance
B. The IP Address that Cisco Security MARS uses to access the device via SNMP
C. The pre-NAT IP address of the device
D. The IP Address that Cisco Security MARS uses to access the device via telnet or ssh
Answer: A
Explanation:
Reporting IP
The reporting IP is the source IP address of event messages, logs, notifications, or traps
that originate from the device. MARS uses this address to associate received messages
with the correct device.
QUESTION 3
Exhibit:
642-544
Actualtests.com - The Power of Knowing
The Service variables defined are used for what purpose? Select all that apply.
A. For IP Management Groups creation
B. For Data Reduction
C. For Query/Reports and Rules creation
D. For Event Groups creation
E. For NetFlow Events Management
Answer: A,C
QUESTION 4
Which of the following alert actions can be transmitted to a user as notification that a
Cisco Security MARS rule has fired and that an incident has been logged? (Choose two.)
A. Syslog
B. OPSEC-LEA (Clear and encrypted)
C. SNMP Trap
D. Distributed Threat Mitigation
E. Short Message Service
F. XML notification
Answer: E, F
Explanation:
Source:
http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00806b614c.html
QUESTION 5
What are the two options for handling false-positive events reported by the Cisco
Security MARS appliance? (Choose two.)
A. Drop
B. Mitigate at Layer 2
C. Archive to NFS only
D. Save as a false-positive report
E. Escalate to the Cisco Security MARS administrator
F. Log to the database only
Answer: A, F
Explanation:
Page 373 of the 4.2.x User Guide
To Tune an Unconfirmed False Positive to False Positive
Step 1 After you determine that a false positive is false, and you have clicked the Yes button, click Next.
Step 2 On the next page, decide whether or not you want MARS to keep this event type in the database by selecting the appropriate radio button:
- Dropping these events completely (that stops logging those events)
- Log to DB only (that logs the events to the DB)
QUESTION 6
To configure a Microsoft Windows IIS Server to publish logs to the Cisco Security
MARS, which log agent is installed and configured on the Microsoft Windows IIS
Server?
A. pnLog Agent
B. None, Cisco Security MARS is an agentless device
C. Cisco Security MARS agent
D. SNARE
Answer: D
Explanation:
Page 281 of the 4.2.x User Guide
QUESTION 7
What are three benefits in deploying Cisco Security MARS appliances using the global
and local controller architecture? (Choose three.)
A. Users can seamlessly navigate to any local controller from the global controller GUI
B. A global controller can provide a summary of all local controller information (network
topologies, incidents, queries and reports results)
C. A global controller can provide a central point for creating rules and queries, which
are applied simultaneously to multiple local controllers
D. The architecture provides redundancy in case one of the Cisco Security MARS local
controllers fails within a zone
Answer: A, B, C
QUESTION 8
Which two configuration options enable the Cisco Security MARS appliance to perform
mitigation? (Choose two.)
A. SNMP RW Community String
B. A NetFlow device added in the Cisco Security MARS database
C. Cisco Security MARS integration with Cisco Security Manager
D. Telnet or SSH access type with SNMP RO community
E. SSL communications with the network devices
Answer: A, D
Explanation:
Page 79 of the 4.2.x User Guide
For L2 devices SNMP access type is sufficient with RO community. But for mitigation, MARS requires SNMP RW community access. If SNMP RW community is not possible, select TELNET/SSH access type with SNMP RO Community.
QUESTION 9
Which one of the following statements is correct regarding the Cisco Security MARS
maintenance procedure?
A. Cisco Security MARS disk drives are not hot-swappable
B. No new events can be logged when the Cisco Security MARS local database reaches
its maximum storage capacity
C. Cisco Security MARS audit logs can be exported to a centralized server for the
consolidation and protection of the log data
D. If the archive is generated with one release of software, then the restore has to be done
with the same version of software
Answer: D
Explanation:
Page 150 of the Install and Setup Guide for Cisco MARS
Guidelines for Restoring
When you do restore to an appliance, keep in mind the following guidelines:
The version of MARS software running on the appliance to be restored must match the version recorded in the archive. For example, if the data archive is for version 4.1.4, you must reimage the MARS Appliance to version 4.1.4, not older or newer, before using the pnrestore command to recover the system configuration and events.
QUESTION 10
Which action enables the Cisco Security MARS appliance to ignore false-positive events
by either dropping the events completely or by just logging them to the database?
A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events management page
D. Creating drop rules
E. Deleting the false-positive events from the incidents page
F. Inactivating the events
Answer: D
Explanation:
Source: Page 441 of the 4.2.x User Guide
Working with Drop Rules
Navigate to the Drop Rules page by clicking the Rules > Drop Rules tabs.
Drop rules instruct the MARS to either drop a false positive completely from the appliance, or to keep it in the database. On the Drop Rules page, you add, edit, duplicate, activate an inactive rule, or inactivate an active rule. Inactive rules do not fire.