Cisco 642-544 Exam Guide, 100% Pass Guarantee Cisco 642-544 Exam Download Online Store
QUESTION 30
After manually adding the BR-FW-1 device shown in the MARS GUI screen, what additional steps do you need to perform?
A. Click “Activate” to enable the device.
B. Click “Submit” to enable the device.
C. Click “Submit” to test access to the device. When access is successful, click “Activate” to activate the device.
D. Click “Activate” to activate the device, then click “Submit” to save the device configuration.
E. Click “Discover” to initiate manual discovery. When discovery is completed, click “Submit,” then “Activate.”
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 31
Once data archiving has been enabled on the Cisco Security MARS appliance when does archiving initially occur?
A. Data is archived via NFS when a new incident occurs.
B. Whenever a new event is received, data will be archived via NFS.
C. Data is archived off the Cisco Security MARS via NFS when the Cisco Security MARS database fills up.
D. Data is archived nightly as a scheduled operation.
E. Data is archived when a configuration change occurs on the Cisco Security MARS.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 32
Referring to the incident Vector Graph shown on the MARS GUI screen, which three of the following statements are correct? (Choose three.)
A. The port being attacked is port 80.
B. This incident has two associated Event Types.
C. You can mitigate this attack by clicking on the device being attacked.
D. The device being attacked is the Tivoli Server.
E. Click the Previous button to view any other Sessions related to this incident.
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two)
A. User-defined rules are treated as global rules. When an incident is fired by a user-defined rule on the Cisco Security MARS local controller, the rule propagates to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
D. Drop rules are treated as global rules so it will automatically propagate to the Cisco Security MARS global controller.
E. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 34
What are three benefits in deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers information (network topologies, incidents, queries, and reports results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. The architecture provides redundancy in case one of the Cisco Security MARS local controllers fails within a zone.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
E. A global controller can correlate events from multiple local controllers to perform global sessionizations.
F. Rules that apply to multiple local controllers cannot be created on the global controller and pushed down to them from a central location.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 36
How does the Cisco Security MARS appliance perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
A. uses the NetFlow data
B. queries the PAT and NAT translation table through topological awareness and device configuration
C. analyzes the syslog messages that are received from the firewall devices in the network
D. uses a NAT detection protocol to correlate the pre- and post-NAT and PAT addresses
E. uses predefined Cisco Security MARS system NAT rules to correlate events across NAT and PAT boundaries
F. uses NAT-T detection
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 37
Referring to the Rule shown on the MARS GUI screen, what is used to determine that there is a sudden traffic increase to a particular port, and which type of attack is this Rule useful for detecting? (Choose two.)
A. real-time queries
B. CSA logs
C. NetFlow data
D. SNMP polling
E. day-zero attacks
F. access attacks
G. Reconnaissance attacks
H. Denial of service attacks.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 38
Which statement is true about the case management feature of Cisco Security MARS?
A. Cases are created on a global controller, but they can be viewed and modified on a local controller.
B. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 39
Which one of the following incident types is pushed from a local controller to a global controller?
A. incidents on the local controller triggered by predefined system rules
B. incidents on the local controller triggered by local rules
C. true positive incidents on the local controller
D. any incidents on the local controller
E. incidents on the local controller that are manually selected for escalation to the global controller
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 40
What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
A. Cisco Security MARS Global Controller
B. Cisco Security Manager
C. NetFlow
D. Cisco Security MARS Custom Parser
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 41
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. Secure FTP
E. SSH
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Drop
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 43
What is a supported mitigation feature on the Cisco Security MARS appliance?
A. generating and pushing configuration commands to Layer 3 devices
B. generating and pushing configuration commands to Layer 2 devices
C. automatically dropping all suspected traffic at the nearest IPS appliance
D. storing and identifying NetFlow data for attack mitigation
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Cisco Security MARS uses NetFlow data to perform which function?
A. traffic profiling and statistical anomaly detection
B. correlation across NAT boundary
C. data reductions
D. events normalization
E. false-positive analysis
F. topology-aware sessionizations to combine multiple events into end-to-end sessions
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 45
What is used to publish events to Cisco Security MARS about Cisco IPS signatures that have fired?
A. SNMP
B. SSL
C. HTTPS
D. SDEE
E. syslog
F. Secure FTP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which attack can be detected by Cisco Security MARS using NetFlow data?
A. man-in-the-middle attack
B. day-zero attack
C. spoof attack
D. Land attack
E. buffer overflow attack
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 47
To configure the MARS appliance to send out an alert when the system rule fires, what should you do from the MARS GUI screen shown?
A. Click on “Active” in the “Status” field, select the appropriate alerts, then apply.
B. Click on “None” in the “Action” field, select the appropriate alerts, then apply.
C. Click “Edit” to edit the “Operation” field of the rule, select the appropriate alert option(s), then apply.
D. Click “Edit” to edit the “Event” field of the rule, select the appropriate alert option(s), then apply.
E. Click “Edit” to edit the “Reported User” field of the rule, select the appropriate alert option(s), then apply.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Referring to the incident shown on the MARS GUI screen, which two of the following statements are correct? (Choose two.)
A. This is a low-severity incident.
B. This is a false positive incident.
C. There are multiple events that correlate to the 236785492 session.
D. The 236785492 session is related to both the 227269459 and the 227269460 Incidents.
E. The Nimda rule triggered both the 227269459 and the 227269460 Incidents.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
What are the two options for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. archive to NFS only
B. save as a false-positive report
C. drop
D. mitigate at Layer 2
E. log to the database only
F. escalate to the Cisco Security MARS administrator
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 50
What is a zone?
A. A zone represents all the local controllers each global controller is monitoring.
B. A zone is a logical partition within a local controller. Configuring zones allows the local controller to scale to cover large networks.
C. A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone.
D. Each zone within the global controller is configured and managed independently.
E. Each zone within the local controller is configured and managed independently.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 51
What are three benefits in deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers information (network topologies, incidents, queries, and reports results).
B. The architecture provides redundancy in case one of the Cisco Security MARS local controllers fails within a zone.
C. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
D. Rules that apply to multiple local controllers cannot be created on the global controller and pushed down to them from a central location.
E. Users can seamlessly navigate to any local controller from the global controller GUI.
F. A global controller can correlate events from multiple local controllers to perform global sessionizations.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Cisco Security MARS uses NetFlow data to perform which function?
A. correlation across NAT boundary
B. data reductions
C. false-positive analysis
D. topology-aware sessionizations to combine multiple events into end-to-end sessions
E. events normalization
F. traffic profiling and statistical anomaly detection
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two)
A. User-defined rules are treated as global rules. When an incident is fired by a user-defined rule on the Cisco Security MARS local controller, the rule propagates to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
D. Drop rules are treated as global rules so it will automatically propagate to the Cisco Security MARS global controller.
E. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 54
What are three benefits in deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers information (network topologies, incidents, queries, and reports results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. The architecture provides redundancy in case one of the Cisco Security MARS local controllers fails within a zone.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
E. A global controller can correlate events from multiple local controllers to perform global sessionizations.
F. Rules that apply to multiple local controllers cannot be created on the global controller and pushed down to them from a central location.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 56
How does the Cisco Security MARS appliance perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
A. uses the NetFlow data
B. queries the PAT and NAT translation table through topological awareness and device configuration
C. analyzes the syslog messages that are received from the firewall devices in the network
D. uses a NAT detection protocol to correlate the pre- and post-NAT and PAT addresses
E. uses predefined Cisco Security MARS system NAT rules to correlate events across NAT and PAT boundaries
F. uses NAT-T detection
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Referring to the Rule shown on the MARS GUI screen, what is used to determine that there is a sudden traffic increase to a particular port, and which type of attack is this Rule useful for detecting? (Choose two.)
A. real-time queries
B. CSA logs
C. NetFlow data
D. SNMP polling
E. day-zero attacks
F. access attacks
G. Reconnaissance attacks
H. Denial of service attacks.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference: