Cisco 642-545 Practice Test, Welcome To Buy Cisco 642-545 Exam Test Questions With High Quality

New questions! Newly added Cisco 642-545 (https://www.pass4itsure.com/642-545.html) exam questions and answers are now available at Flydumps. In the new Flydumps Cisco 642-545 VCE or PDF braindump file, you can get all the new Cisco 642-545 questions and answers. We guarantee a 100% pass rate.

QUESTION 56
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. Secure FTP

Correct Answer: A

PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-545

QUESTION 57
Why might Cisco Security MARS not be forwarding the incoming syslog messages that it should be forwarding?
A. A single collector IP address is configured in Cisco Security MARS.
B. The forward queue is empty.
C. The pnparser service is not running on the Local Controller.
D. Reporting devices are sending the syslog messages to Cisco Security MARS on UDP port 514.

Correct Answer: C

QUESTION 58
Which two statements are true according to the Incident shown on the MARS GUI screen? (Choose two)

A. The Nimda rule triggered both the 227269459 and the 227269460 Incidents.
B. This is a low-severity incident.
C. There are multiple events that correlate to the 236785492 session.
D. The 236785492 session is related to both the 227269459 and the 227269460 Incidents.

Correct Answer: CD

QUESTION 59
What is used to publish events to Cisco Security MARS about Cisco IPS signatures that have fired?
A. syslog
B. Secure FTP
C. SNMP
D. SDEE

Correct Answer: D

QUESTION 60
Which description is correct with regard to the case management feature of Cisco Security MARS?
A. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.
B. Cases are created on a global controller, but they can be viewed and modified on a local controller.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.

Correct Answer: C

QUESTION 61
Cisco Security MARS offers a family of high-performance, scalable appliances for threat management, monitoring, and mitigation, enabling customers to make more effective use of network and security devices. What is a supported mitigation feature on the Cisco Security MARS appliance?
A. Storing and identifying NetFlow data for attack mitigation
B. Generating and pushing configuration commands to Layer 2 devices
C. Generating and pushing configuration commands to Layer 3 devices
D. Automatically dropping all suspected traffic at the nearest IPS appliance

Correct Answer: B

QUESTION 62
Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. Which action will you take to enable the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. Inactivating the rules
B. Creating drop rules
C. Deleting the false-positive events from the Incidents page
D. Deleting the false-positive events from the Event Management page

Correct Answer: B

QUESTION 63
In which two ways could the Cisco Security MARS present the incident data to the user graphically from the Summary Dashboard? (Select two)
A. Compromised topology information
B. Event type group matrix
C. Path information
D. Incident vector information

Correct Answer: CD

QUESTION 64
Which three items are correct based on the Incident Vector Graph shown on the MARS GUI screen? (Choose three.)

A. The port being attacked is port 80.
B. This incident has two associated Event Types.
C. Click the Previous button to view any other Sessions related to this incident.
D. The device being attacked is the Tivoli Server.

Correct Answer: ABD

QUESTION 65
Which two statements accurately describe the Cisco Security MARS rules? (Choose two)
A. Drop rules are treated as global rules, so they will automatically propagate to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
D. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.

Correct Answer: BD

QUESTION 66
Which three options are true with regard to the Cisco Security MARS global and local controller architecture? (Choose three.)
A. All local controller events are propagated to the global controller for correlations.
B. One global controller can support multiple local controllers.
C. Each zone can have one local controller.
D. Incidents can be viewed on the global controller based on a selected local controller.

Correct Answer: BCD

QUESTION 67
Cisco Security MARS uses NetFlow data to perform which function?
A. Traffic profiling and statistical anomaly detection
B. Correlation across NAT boundary
C. Data reductions
D. Events normalization

Correct Answer: A

QUESTION 68
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired and that an incident has been logged? (Choose two.)
A. Syslog
B. OPSEC-LEA (Clear and encrypted)
C. Short Message Service
D. XML notification

Correct Answer: CD

QUESTION 69
Which three items are true with regard to the Cisco Security MARS syslog forwarding feature for relaying the received syslog data to a syslog server? (Choose three.)
A. The configured collector is a designated host that receives a syslog message but the collector does not relay it to another host.
B. Cisco Security MARS can forward alert data to multiple collector IP addresses.
C. Syslog forwarding is disabled until you specify the collector and at least one source host.
D. The pnparser service should be running for the syslog forwarding feature to work.

Correct Answer: ACD

QUESTION 70
Which incident type is pushed from a local controller to a global controller?
A. Incidents on the local controller triggered by predefined system rules
B. Any incidents on the local controller
C. Incidents on the local controller triggered by local rules
D. True positive incidents on the local controller

Correct Answer: A

QUESTION 71
Most SIM offerings are software based and designed to operate on standard hardware platforms; however, recently a wave of optimized appliances tuned for performance has entered the market. Which of the following options are the functions of SIMs?
A. Collect event data from reporting sources
B. Store data for analysis, reporting, and archiving
C. Correlate the data to show relationships
D. Present the data for analysis
E. Report on, alarm on, and/or notify about the data

Correct Answer: ABCDE

QUESTION 72
Which statement about the Cisco Security MARS maintenance procedure is true?
A. No new events can be logged when the Cisco Security MARS local database reaches its maximum storage capacity.
B. If the archive is generated with one release of software, then the restore has to be done with the same version of software.
C. Cisco Security MARS disk drives are not hot-swappable.
D. Cisco Security MARS audit logs can be exported to a centralized server for the consolidation and protection of the log data.

Correct Answer: B

QUESTION 73
Study the exhibit carefully. Which icon can be chosen to generate the access rules information displayed toward the bottom of the screen?

A. Incident Vector icon
B. Security Manager Policy Table Lookup icon
C. ISR Device Manager Policy icon
D. Raw Events icon

Correct Answer: B

QUESTION 74
Global Controller is a master unit that allows for global management of one or more Local Controllers. Is this statement correct?
A. Correct
B. False

Correct Answer: A

Flydumps free Cisco 642-545 (https://www.pass4itsure.com/642-545.html) exam dumps are audited by our certified subject matter experts and published authors for development. Cisco 642-545 exam dumps are one of the highest quality Cisco 642-545 Q&As in the world. They cover nearly 96% of the real questions and answers, including the entire testing scope. Passtcert guarantees you will pass the Cisco 642-545 exam at the first attempt.

Author: markrandom