Testking Cisco CCSP 642-544 Exam
Exam 642-544: Implementing Cisco Security MARS (MARS)
Related Certifications: CCSP
Number of Questions: 40-50
Duration: 60 minutes
Exam Topics Include:
* Install and configure the Cisco Security MARS product
* Identify the components, features and functions of the Cisco Security MARS product
* Installing the Cisco Security MARS appliance
* Add Cisco reporting devices into the Cisco Security MARS appliance
* Investigate events that the Cisco Security MARS appliance collects from configured security devices
* Configure the Cisco Security MARS appliance to send alerts
* Configure rules to detect interesting patterns of network activity and other anomalous network behavior
* Configure the Cisco Security MARS appliance hardware maintenance activities
The 642-544 MARS Implementing Cisco Security Monitoring, Analysis and Response System exam is associated with the Cisco Certified Security Professional certification. This is one of the optional exams required for the CCSP.
Let TestKing help you get your CCSP certification. The TestKing 642-544 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam, the first time. We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations provided by our certified industry experts, ensuring that you fully understand the questions and the concept behind the questions.
These TestKing experts continuously update our study materials with new questions and explanations, as they become available. These exam updates are supplied free of charge to our TestKing customers. Our customers receive the most reliable and up-to-date information available anywhere on the market, so they can be sure that they will be ready for their exam on their testing day. Our candidates walk into the Testing Room with the knowledge and confidence they need to pass their certification exam on their very first attempt!
Question No: 2 Which attack can be detected by Cisco Security MARS using NetFlow data?
A- man-in-the middle attack
B – day-zero attack )
C- spoof attack
D- Land attack ) E – buffer overflow attack
Answer:B
Question No:3 To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which
log agent is installed and configured on the Microsoft Windows IIS server?
A- pnLog agent
B- Cisco Security MARS agent
C- SNARE
D- None. Cisco Security MARS is an agentless device.
Answer:C
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways
Answer: B
C. use the Cisco Security MARS GUI to configure multiple default gateways
B. use the Cisco Security MARS CLI to add a static route
A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
Question No: 4 A Cisco Security MARS appliance cannot access certain devices through the default gateway.
Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional
Cisco Security MARS configuration will be required to correct this issue?
Question No: 5 Which action enables the Cisco Security MARS appliance to ignore false-positive events by
either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page
Answer: B
Question No: 6 Which three of the following statements are correct regarding the Query shown on the
MARS GUI screen?(Choose three.)
A. Query will match any source IP address.
B. Query will only match a source IP address of 10.10.10.10.
C. Query will only match a destination IP address range from 10.1.1.1 to 10.1.1.25.
D. Query will only match a destination IP address of 10.1.1.1 OR 10.1.1.25.
E. Query will only not match any services since both TCP-highPort and UDP-highPort service groups are
specified in the Service field.
F. Query will only match any services using the TCP-highPort OR UDP-highPort service groups.
Answer: A, C, F
642-544
4
Question No: 7 Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Answer: A, D, F
Question No: 8 Which two are required to enable Cisco Security MARS Level 3 operations? (Choose two.)
A. global controller
B. vulnerability scanning
C. NetFlow
D. SNMP community string
E. administrative access to the device
F. Cisco Security Manager
Answer: D, E
Question No: 9 What is a zone?
A. A zone represents all the local controllers each global controller is monitoring.
B. A zone is a logical partition within a local controller. Configuring zones allows the local controller to scale to
cover large networks.
C. A zone is an area of a customer network related to one local controller. Each local controller represents a
specific zone.
D. Each zone within the global controller is configured and managed independently.
E. Each zone within the local controller is configured and managed independently.
Answer: C
Question No: 10 In what two ways can the Cisco Security MARS present the incident data to the user
graphically from the Summary Dashboard? (Select two)
642-544
5
A. event type group matrix
B. incident firing information
C. path information
D. compromised topology information
E. incident vector information
F. system-confirmed true positive information
Answer: C, E
testking ccsp Interactive Testing Engine Included!
46 Questions
Updated : 03/11/2008
Price : $87.99 $79.99
Free down:Testking Cisco CCSP 642-544
pass4sure ccsp 642-544 v2.93
password:www.pass4sure.cc
Recent Comments