Flydumps provides guaranteed preparation material to boost your confidence in the Cisco 642-544 exam. Successful candidates have provided reviews of our guaranteed Cisco 642-544 preparation material; you can judge the real worth of our featured products by looking over the reviews and testimonials.
QUESTION 31
Once data archiving has been enabled on the Cisco Security MARS appliance when does archiving initially occur?
A. Data is archived via NFS when a new incident occurs.
B. Whenever a new event is received, data will be archived via NFS.
C. Data is archived off the Cisco Security MARS via NFS when the Cisco Security MARS database fills up.
D. Data is archived nightly as a scheduled operation.
E. Data is archived when a configuration change occurs on the Cisco Security MARS.
Correct Answer: D
QUESTION 32
Referring to the incident Vector Graph shown on the MARS GUI screen, which three of the following statements are correct? (Choose three.)
A. The port being attacked is port 80.
B. This incident has two associated Event Types.
C. You can mitigate this attack by clicking on the device being attacked.
D. The device being attacked is the Tivoli Server.
E. Click the Previous button to view any other Sessions related to this incident.
Correct Answer: ABE
QUESTION 33
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two.)
A. User-defined rules are treated as global rules. When an incident is fired by a user-defined rule on the Cisco Security MARS local controller, the rule propagates to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. Drop rules are treated as global rules, so they automatically propagate to the Cisco Security MARS global controller.
D. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
E. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
Correct Answer: BD
QUESTION 34
What are three benefits in deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers' information (network topologies, incidents, queries, and report results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. The architecture provides redundancy in case one of the Cisco Security MARS local controllers fails within a zone.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
E. A global controller can correlate events from multiple local controllers to perform global sessionizations.
F. Rules that apply to multiple local controllers cannot be created on the global controller and pushed down to them from a central location.
Correct Answer: ABD
QUESTION 35
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)
Correct Answer: BD
QUESTION 36
How does the Cisco Security MARS appliance perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
A. uses the NetFlow data
B. queries the PAT and NAT translation table through topological awareness and device configuration
C. analyzes the syslog messages that are received from the firewall devices in the network
D. uses a NAT detection protocol to correlate the pre- and post-NAT and PAT addresses
E. uses predefined Cisco Security MARS system NAT rules to correlate events across NAT and PAT boundaries
F. uses NAT-T detection
Correct Answer: B
QUESTION 37
Referring to the Rule shown on the MARS GUI screen, what is used to determine that there is a sudden traffic increase to a particular port, and which type of attack is this Rule useful for detecting? (Choose two.)
A. real-time queries
B. CSA logs
C. NetFlow data
D. SNMP polling
E. day-zero attacks
F. access attacks
G. Reconnaissance attacks
H. Denial of service attacks.
Correct Answer: CE
QUESTION 38
Which statement is true about the case management feature of Cisco Security MARS?
A. Cases are created on a global controller, but they can be viewed and modified on a local controller.
B. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.
Correct Answer: C
QUESTION 39
Which one of the following incident types is pushed from a local controller to a global controller?
A. incidents on the local controller triggered by predefined system rules
B. incidents on the local controller triggered by local rules
C. true positive incidents on the local controller
D. any incidents on the local controller
E. incidents on the local controller that are manually selected for escalation to the global controller
Correct Answer: A
QUESTION 40
What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
A. Cisco Security MARS Global Controller
B. Cisco Security Manager
C. NetFlow
D. Cisco Security MARS Custom Parser
Correct Answer: C
QUESTION 41
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. Secure FTP
E. SSH
Correct Answer: A
QUESTION 43
What is a supported mitigation feature on the Cisco Security MARS appliance?
A. generating and pushing configuration commands to Layer 3 devices
B. generating and pushing configuration commands to Layer 2 devices
C. automatically dropping all suspected traffic at the nearest IPS appliance
D. storing and identifying NetFlow data for attack mitigation
Correct Answer: B
QUESTION 44
Cisco Security MARS uses NetFlow data to perform which function?
A. traffic profiling and statistical anomaly detection
B. correlation across NAT boundary
C. data reductions
D. events normalization
E. false-positive analysis
F. topology-aware sessionizations to combine multiple events into end-to-end sessions
Correct Answer: A
QUESTION 45
What is used to publish events to Cisco Security MARS about Cisco IPS signatures that have fired?
A. SNMP
B. SSL
C. HTTPS
D. SDEE
E. syslog
F. Secure FTP
Correct Answer: D
QUESTION 46
Which attack can be detected by Cisco Security MARS using NetFlow data?
A. man-in-the-middle attack
B. day-zero attack
C. spoof attack
D. Land attack
E. buffer overflow attack
Correct Answer: B
QUESTION 47
To configure the MARS appliance to send out an alert when the system rule fires, what should you do from the MARS GUI screen shown?
A. Click on “Active” in the “Status” field, select the appropriate alerts, then apply.
B. Click on “None” in the “Action” field, select the appropriate alerts, then apply.
C. Click “Edit” to edit the “Operation” field of the rule, select the appropriate alert option(s), then apply.
D. Click “Edit” to edit the “Event” field of the rule, select the appropriate alert option(s), then apply.
E. Click “Edit” to edit the “Reported User” field of the rule, select the appropriate alert option(s), then apply.
Correct Answer: B
QUESTION 48
Referring to the incident shown on the MARS GUI screen, which two of the following statements are correct? (Choose two.)
A. This is a low-severity incident.
B. This is a false positive incident.
C. There are multiple events that correlate to the 236785492 session.
D. The 236785492 session is related to both the 227269459 and the 227269460 Incidents.
E. The Nimda rule triggered both the 227269459 and the 227269460 Incidents.
Correct Answer: CD
QUESTION 49
What are the two options for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. archive to NFS only
B. save as a false-positive report
C. drop
D. mitigate at Layer 2
E. log to the database only
F. escalate to the Cisco Security MARS administrator
Correct Answer: CE
Free practice questions for the Cisco 642-544 exam. These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam. You will get an idea of the level of knowledge each topic goes into, but because these are simple web pages you will not see the interactive and performance-based questions; those are available in the Cisco 642-544.