Exam 642-545 Preparation Questions


    Exam 642-545 Preparation Questions - Presentation Transcript

    Exam 642-545 study material, made available by Examsexpert.com
    Free 642-545 Exam Preparation Questions
    Exam 642-545: Implementing Cisco Security Monitoring, Analysis and Response System
    For latest 642-545 exam questions and study guides, visit http://www.Examsexpert.com/642-545.html

    Question: 1
    Why might Cisco Security MARS not be forwarding the incoming syslog messages that it should be forwarding?
    A. A single collector IP address is configured in Cisco Security MARS.
    B. The forward queue is empty.
    C. The pnparser service is not running on the Local Controller.
    D. Reporting devices are sending the syslog messages to Cisco Security MARS on UDP port 514.
    Answer: C

    Question: 2
    Which two statements are true according to the Incident shown on the MARS GUI screen? (Choose two)
    A. The Nimda rule triggered both the 227269459 and the 227269460 Incidents.
    B. This is a low-severity incident.
    C. There are multiple events that correlate to the 236785492 session.
    D. The 236785492 session is related to both the 227269459 and the 227269460 Incidents.
    Answer: C, D

    Question: 3
    What is used to publish events to Cisco Security MARS about Cisco IPS signatures that have fired?
    A. syslog
    B. Secure FTP
    C. SNMP
    D. SDEE
    Answer: D

    Question: 4
    Which description is correct with regard to the case management feature of Cisco Security MARS?
    A. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.
    B. Cases are created on a global controller, but they can be viewed and modified on a local controller.
    C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
    D. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
    Answer: C

    Question: 5
    Cisco Security MARS offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices. What is a supported mitigation feature on the Cisco Security MARS appliance?
    A. Storing and identifying NetFlow data for attack mitigation
    B. Generating and pushing configuration commands to Layer 2 devices
    C. Generating and pushing configuration commands to Layer 3 devices
    D. Automatically dropping all suspected traffic at the nearest IPS appliance
    Answer: B

    Question: 6
    Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. Which action will you take to enable the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
    A. Inactivating the rules
    B. Creating drop rules
    C. Deleting the false-positive events from the Incidents page
    D. Deleting the false-positive events from the Event Management page
    Answer: B

    Question: 7
    In which two ways could the Cisco Security MARS present the incident data to the user graphically from the Summary Dashboard? (Select two)
    A. Compromised topology information
    B. Event type group matrix
    C. Path information
    D. Incident vector information
    Answer: C, D

    Question: 8
    Which three items are correct based on the Incident Vector Graph shown on the MARS GUI screen? (Choose three.)
    A. The port being attacked is port 80.
    B. This incident has two associated Event Types.
    C. Click the Previous button to view any other Sessions related to this incident.
    D. The device being attacked is the Tivoli Server.
    Answer: A, B, D

    Question: 9
    Which two statements accurately describe the Cisco Security MARS rules? (Choose two)
    A. Drop rules are treated as global rules so they will automatically propagate to the Cisco Security MARS global controller.
    B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
    C. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
    D. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
    Answer: B, D

    For complete Exam 642-545 training kits and self-paced study material, visit: http://www.examsexpert.com/642-545.html

    Mohsin Khawaja, 5 months ago
