642-544 - MARS - Implementing Cisco Security Monitoring, Analysis and Response System
Go back to
Cisco
Example Questions
What will happen if you try to run a Cisco Security MARS query that will take a long time to complete?
You will be prompted to "Submit Batch" to run the query in batch mode.
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?
use the Cisco Security MARS CLI to add a static route
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
NFS
What is a zone?
A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone.
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two)
Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
Drop rules are treated as global rules so it will automatically propagate to the Cisco Security MARS global controller.
Once data archiving has been enabled on the Cisco Security MARS appliance when does archiving initially occur?
Data is archived via NFS when a new incident occurs.
At what level of operation does the Cisco Security MARS appliance perform NAT and PAT resolution?
Local (Level 0)
To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?
Cisco Security MARS agent
None. Cisco Security MARS is an agentless device.
What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
Cisco Security MARS Custom Parser
Which statement best describes the case management feature of Cisco Security MARS?
It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting.
Which attack can be detected by Cisco Security MARS using NetFlow data?
spoof attack
buffer overflow attack
Which one of the following statements is correct regarding the Cisco Security MARS maintenance procedure?
If the archive is generated with one release of software, then the restore has to be done with the same version of software.
What protocol does Juniper NetScreen IDP use to exchange IPS events with the Cisco Security MARS?
RDEP
When restoring archived data to a Cisco Security MARS appliance, what is the best practice to follow?
Use Secure FTP to protect the data transfer.
What is a supported mitigation feature on the Cisco Security MARS appliance?
generating and pushing configuration commands to Layer 3 devices
Which two configuration options enable the Cisco Security MARS appliance to perform mitigation? (Choose two.)
Telnet or SSH access type with SNMP RO community
Which one of the following incident types is pushed from a local controller to a global controller?
incidents on the local controller that are manually selected for escalation to the global controller
When adding a device to the Cisco Security MARS appliance, what is the reporting IP address of the device?
the source IP address that sends syslog information to the Cisco Security MARS appliance
Which statement is true about the case management feature of Cisco Security MARS?
Cases are created on a global controller, but they can be viewed and modified on a local controller.