Braindumps of 642-545
Implementing Cisco Security Monitoring,
Analysis and Response System
Thanks to www.exams.ws for providing helpful material
QUESTION NO: 1
The Cisco Security Monitoring, Analysis, and Response
System (Cisco Security MARS) is an appliance-based,
all-inclusive solution that provides unmatched insight
and control of your existing security deployment. Which
three items are correct with regard to Cisco Security
MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.
QUESTION NO: 2
Which three are benefits of deploying Cisco Security
MARS appliances using the global and local controller
architecture? (Choose three.)
A. A global controller can provide a summary of all
local controllers' information (network topologies, incidents,
queries, and reports results).
B. A global controller can provide a central point for
creating rules and queries, which are applied simultaneously
to multiple local controllers.
C. A global controller can correlate events from multiple
local controllers to perform global sessionization.
D. Users can seamlessly navigate to any local controller
from the global controller GUI.
QUESTION NO: 3
Which item is the best practice to follow when restoring
archived data to a Cisco Security MARS appliance?
A. Use Secure FTP to protect the data transfer.
B. Use "mode 5" restore from the Cisco Security
MARS CLI to provide enhanced security during the data
C. Choose Admin > System Maintenance > Data Archiving
on the Cisco Security MARS GUI to perform the restore
operations online.
D. To avoid problems, restore only to an identical or
higher-end Cisco Security MARS appliance.
QUESTION NO: 4
A Cisco Security MARS appliance cannot access certain
devices through the default gateway. Troubleshooting
has determined that this is a Cisco Security MARS configuration
issue. Which additional Cisco Security MARS configuration
will be required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple
B. Use the Cisco Security MARS GUI or CLI to configure
multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable
a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route
QUESTION NO: 5
Which two options are available for handling false-positive events
reported by the Cisco Security MARS appliance? (Choose
A. mitigate at Layer 2
B. archive to NFS only
D. log to the database only
QUESTION NO: 6
When adding a device to the Cisco Security MARS appliance,
what is the reporting IP address of the device?
A. The source IP address that sends syslog information
to the Cisco Security MARS appliance
B. The pre-NAT IP address of the device
C. The IP address that Cisco Security MARS uses to access
the device via SNMP
D. The IP address that Cisco Security MARS uses to access
the device via Telnet or SSH
QUESTION NO: 7
Which statement best describes the case management feature
of Cisco Security MARS?
A. It is used in conjunction with the Cisco Security
MARS incident escalation feature for incident reporting
B. It is used to capture, combine and preserve user-selected
Cisco Security MARS data within a specialized report
C. It is used to automatically collect and save information
on incidents, sessions, queries and reports dynamically
without user intervention
D. It is used to very quickly evaluate the state of
QUESTION NO: 8
Which two configuration tasks are needed on the Cisco
Security MARS for it to receive syslog messages relayed
from a syslog relay server? (Choose two.)
A. Define the syslog relay collector.
B. Add the syslog relay server application to Cisco
Security MARS as Generic Syslog Relay Any.
C. Define the syslog relay source list.
D. Add the reporting devices monitored by the syslog
relay server to Cisco Security MARS.
QUESTION NO: 9
Which three options are true with regard to the Cisco
Security MARS global and local controller architecture?
A. All local controllers' events are propagated to the
global controller for correlation.
B. One global controller can support multiple local
C. Each zone can have one local controller.
D. Incidents can be viewed on the global controller
based on a selected local controller.
QUESTION NO: 10
Which action enables the Cisco Security MARS appliance
to ignore false-positive events by either dropping the
events completely or by just logging them to the database?
A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events
D. Creating drop rules
QUESTION NO: 11
In order to enable the Cisco Security MARS appliance
to perform mitigation, which two configuration options
are correct? (Choose two.)
A. SNMP RW community string
B. A NetFlow device added in the Cisco Security MARS
C. Telnet or SSH access type with SNMP RO community
D. SSL communications with the network devices
QUESTION NO: 12
Which two alert actions can notify a user that a Cisco
Security MARS rule has fired, and that an incident has
been logged? (Choose two.)
B. Short Message Service
C. OPSEC-LEA (clear and encrypted)
D. XML notification