642-544 - MARS - Implementing Cisco Security Monitoring, Analysis and Response System

Example Questions

What will happen if you try to run a Cisco Security MARS query that will take a long time to complete?
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
What is a zone?
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two)
Once data archiving has been enabled on the Cisco Security MARS appliance when does archiving initially occur?
At what level of operation does the Cisco Security MARS appliance perform NAT and PAT resolution?
To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?
What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
Which statement best describes the case management feature of Cisco Security MARS?
Which attack can be detected by Cisco Security MARS using NetFlow data?
Which one of the following statements is correct regarding the Cisco Security MARS maintenance procedure?
What protocol does Juniper NetScreen IDP use to exchange IPS events with the Cisco Security MARS?
When restoring archived data to a Cisco Security MARS appliance, what is the best practice to follow?
What is a supported mitigation feature on the Cisco Security MARS appliance?
Which two configuration options enable the Cisco Security MARS appliance to perform mitigation? (Choose two.)
Which one of the following incident types is pushed from a local controller to a global controller?
When adding a device to the Cisco Security MARS appliance, what is the reporting IP address of the device?
Which statement is true about the case management feature of Cisco Security MARS?