642-545 - Implementing Cisco Security Monitoring, Analysis and Response System Exam
Most SIM offerings are software based and designed to operate on standard hardware platforms; however, recently a wave of optimized appliances tuned for performance has entered the market. Which of the following options are the functions of SIMs?
Collect event data from reporting sources
Store data for analysis, reporting, and archiving
Correlate the data to show relationships
Present the data for analysis
Report on, alarm on, and/or notify about the data
When adding a device to the Cisco Security MARS appliance, what is the reporting IP address of that device?
The source IP address that sends syslog information to the Cisco Security MARS appliance
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired and that an incident has been logged? (Choose two.)
Short Message Service
In order to enable the Cisco Security MARS appliance to perform mitigation, which two configuration options are correct? (Choose two.)
SNMP RW community string
Telnet or SSH access type with SNMP RO community
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?
Creating drop rules
Which three items are true with regard to the Cisco Security MARS syslog forwarding feature for relaying the received syslog data to a syslog server? (Choose three.)
The configured collector is a designated host that receives a syslog message but the collector does not relay it to another host.
Syslog forwarding is disabled until you specify the collector and at least one source host.
The pnparser service should be running for the syslog forwarding feature to work.
Which incident type is pushed from a local controller to a global controller?
Incidents on the local controller triggered by predefined system rules
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)
There are three types of rules.
Rules can be created using a query.
Rules trigger incidents.
Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)
Add the syslog relay server application to Cisco Security MARS as Generic Syslog Relay Any.
Add the reporting devices monitored by the syslog relay server to Cisco Security MARS.
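The questions above on the functions of a SIM (collect, store, correlate, present, notify), on the reporting IP address being the source IP that sends syslog, on drop rules that either discard an event or log it to the database only, on rules triggering incidents, and on relayed syslog (the relay is added as a generic relay and the devices behind it are added as well) describe one event-processing pipeline. The following is an added example written for this page, not Cisco MARS code and not an exact model of MARS internals, that runs a miniature version of that pipeline over constructed syslog lines. The device inventory, the hostnames and addresses, the drop rules, the inspection rule and the threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: (IP the syslog packet arrived from, raw RFC 3164 line).
# Every address, hostname and message below is made up for this example.
SAMPLE_EVENTS = [
    ("10.1.1.1", "<189>Jan 10 12:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.5/80"),
    ("10.1.1.1", "<187>Jan 10 12:00:02 fw1 %ASA-3-106010: Deny inbound tcp src outside:203.0.113.9/4444 dst inside:10.1.1.50/22"),
    ("10.2.2.2", "<86>Jan 10 12:00:05 srv-web1 sshd[1234]: Failed password for root from 203.0.113.9 port 5555 ssh2"),
    ("10.2.2.2", "<86>Jan 10 12:00:06 srv-web1 sshd[1234]: Failed password for root from 203.0.113.9 port 5556 ssh2"),
    ("10.2.2.2", "<86>Jan 10 12:00:07 srv-db1 sshd[99]: Failed password for root from 203.0.113.9 port 5557 ssh2"),
    ("10.9.9.9", "<86>Jan 10 12:00:08 rogue sshd[1]: Failed password for root from 198.51.100.7 port 1 ssh2"),
]

# Reporting devices keyed by reporting IP: the source IP that sends syslog to the collector.
# "relay1" stands in for a host added as a generic syslog relay; the hosts behind it are
# registered separately (RELAYED_HOSTS) so their messages can be attributed to them.
DEVICES = {
    "10.1.1.1": {"name": "fw1", "relay": False},
    "10.2.2.2": {"name": "relay1", "relay": True},
}
RELAYED_HOSTS = {"srv-web1", "srv-db1"}

# Drop rules (assumed): "drop" discards the event entirely, "log_only" stores it in the
# database but keeps it out of correlation, which is the false-positive handling described above.
DROP_RULES = [
    {"name": "asa-conn-built-noise", "pattern": r"%ASA-6-302013", "action": "drop"},
    {"name": "known-scanner-fw-deny", "pattern": r"%ASA-3-106010:.*src \S*203\.0\.113\.9/", "action": "log_only"},
]

# Inspection rule (assumed): fires when one attacker produces >= threshold matching
# events, regardless of which reporting device saw them.
INSPECTION_RULE = {
    "name": "ssh-root-bruteforce",
    "pattern": r"Failed password for root from (?P<attacker>\d+\.\d+\.\d+\.\d+)",
    "threshold": 3,
    "actions": ["sms", "email"],
}

SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def parse_syslog(reporting_ip, raw):
    """Collect: split a raw line into fields; returns None for lines that do not parse."""
    m = SYSLOG_RE.match(raw)
    if not m:
        return None
    ev = m.groupdict()
    ev["pri"] = int(ev["pri"])
    ev["reporting_ip"] = reporting_ip
    return ev


def attribute_device(ev):
    """Map an event to a configured device. Direct senders are identified by reporting IP;
    relayed events are attributed by the hostname in the syslog header, and only if that
    host was added too. Returns None for an unknown reporting device."""
    dev = DEVICES.get(ev["reporting_ip"])
    if dev is None:
        return None
    if dev["relay"]:
        return ev["host"] if ev["host"] in RELAYED_HOSTS else None
    return dev["name"]


def apply_drop_rules(ev):
    """Return the action of the first matching drop rule ("drop" or "log_only"), else None."""
    for rule in DROP_RULES:
        if re.search(rule["pattern"], ev["msg"]):
            return rule["action"]
    return None


def run_pipeline(samples):
    """Collect -> attribute -> drop rules -> store -> correlate -> incidents -> notify."""
    stored, dropped = [], []
    for reporting_ip, raw in samples:
        ev = parse_syslog(reporting_ip, raw)
        if ev is None:
            continue
        ev["device"] = attribute_device(ev)
        action = apply_drop_rules(ev)
        if action == "drop":
            dropped.append(ev)
            continue
        # Events from unknown devices and log-only events are stored but not correlated.
        ev["correlate"] = action is None and ev["device"] is not None
        stored.append(ev)

    # Correlate: group inspection-rule matches by attacker across all stored, eligible events.
    hits = defaultdict(list)
    pat = re.compile(INSPECTION_RULE["pattern"])
    for ev in stored:
        if not ev["correlate"]:
            continue
        m = pat.search(ev["msg"])
        if m:
            hits[m.group("attacker")].append(ev)

    # A rule that reaches its threshold triggers an incident; the incident drives notifications.
    incidents, notifications = [], []
    for attacker, evs in hits.items():
        if len(evs) >= INSPECTION_RULE["threshold"]:
            inc = {"rule": INSPECTION_RULE["name"], "attacker": attacker,
                   "devices": sorted({e["device"] for e in evs}), "event_count": len(evs)}
            incidents.append(inc)
            for act in INSPECTION_RULE["actions"]:
                notifications.append((act, f"{inc['rule']} from {attacker} on {','.join(inc['devices'])}"))
    return {"stored": stored, "dropped": dropped, "incidents": incidents, "notifications": notifications}


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_EVENTS)
    print(len(result["stored"]), "stored,", len(result["dropped"]), "dropped")
    for inc in result["incidents"]:
        print("incident:", inc)
    for note in result["notifications"]:
        print("notify:", note)
```

Two things worth noticing when running it: the firewall deny from the known scanner is kept in the database but never counted, so the "log to the database only" option preserves evidence without generating noise; and the three SSH failures reach the threshold only because the events from srv-web1 and srv-db1, which both arrive from the relay's IP, are attributed to their original hosts. If the relayed hosts were not registered, attribute_device would return None for them and no incident would be raised, which is why both configuration tasks in the question above are needed.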
Which three are benefits of deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A global controller can provide a summary of all local controllers information (network topologies, incidents, queries, and reports results).
A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
Users can seamlessly navigate to any local controller from the global controller GUI.
Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?
To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.
Which two alert actions can notify a user that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
Short Message Service
Which statement best describes the case management feature of Cisco Security MARS?
It is used to capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report.
Which two options are available for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
log to the database only
Which statement about the Cisco Security MARS maintenance procedure is true?
If the archive is generated with one release of software, then the restore has to be done with the same version of software.
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration is required to correct this issue?
Use the Cisco Security MARS GUI to configure multiple default gateways